Unknown Hackers Breach Google Fi Customer Data
As a result of a recent cyberattack, threat actors compromised Google Fi customer data. The incident is probably linked to the recent massive T-Mobile data breach in January.
In an email sent by Google Fi to its users, they have mentioned that “suspicious activity involving a third-party customer support system and a limited amount of Google Fi customer data.”
According to Google, “the data does not contain your name, date of birth, email address, payment card information, social security number or tax IDs, driver’s license or other forms of government ID, or financial account information, passwords or PINs that you may use for Google Fi or the contents of any SMS messages or calls.”
Lior Yaari (CEO and co-founder of Grip Security) said, “Data stolen in this breach is going to fuel numerous attacks in the future. However, the victims can take a little solace that their payment information or PINs were not stolen.” He also added that “the hackers can potentially still do a lot of damage by having access to the users’ phone numbers and SIM serial card numbers, including taking over your phone number. Once the hackers take over your phone number, they can use it for illicit purposes or even bypass two-factor authentication that uses SMS.”
Google Fi users do not have to take any further action, and no unauthorized access has occurred to Google’s systems or systems overseen directly by Google.
This is the second major cyberattack in less than two years, following a 2021 incident that compromised the personal information of an estimated 76.6 million people.
In the last T-Mobile breach, hackers only stole basic information like customer billing addresses, names, phone numbers, and emails. Just to be safe, Yaari suggested that affected customers should at least consider changing their SIM cards.
Google suggested its customers secure sensitive information by taking these precautions:
- Manage which apps have access to your phone’s data to prevent unwanted access
- Update all apps and operating systems on mobile devices
- Enable 2-step verification
- Make sure all your accounts have unique and strong passwords
