Hackers have managed to hack into Google Fi. That’s the search giant’s virtual network operator (MVNO). Google warns its customers.
The search giant told TechCrunch that the hackers obtained “a piece of user info”. Google says no passwords or payment information was leaked. The hackers did steal telephone numbers, as well as account statuses, SIM card serial numbers and subscription information.
The intrusion happened at a third-party app used for customer support at Google Fi’s primary network provider. Although Google does not mention it by name, in the United States it is US Cellular and T-Mobile that support the service. The security breach would have been addressed and closed immediately.
Google Fi is taking action
Most users would have been told not to do anything themselves. Google said it will continue to work closely with Fi’s network provider to “implement measures to secure the data on that third-party system and notify all affected users.”
One customer is already complaining on Reddit, because the hack has left him with more serious problems. For example, he was told that his “mobile service was transferred from his SIM card to another SIM”. The customer says that he received notifications to reset his password from Outlook, a crypto wallet and the two-step verifier Authy, among others.
Hacking via sms
The user in question submitted logs to 9to5Google, showing that the hackers used his number to receive text messages, which enabled the accounts to be hacked. The criminals started resetting passwords and requesting two-step verification, barely a minute later the SIM card was hijacked.
The customer in question was able to get his account back by turning off and on the network access on his iPhone, but it’s not clear if that completely solved the problem.
