Most of the impacted customers do not need to take any action — except be on the lookout for phishing attempts. However, one Google Fi user reported on Reddit that their notification also informed them that their mobile phone service had been transferred from their SIM card to another SIM card for nearly two hours on January 1.
The notification from Google Fi, according to the impacted customer, read, “During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages. Despite the SIM transfer, your voicemail could not have been accessed. We have restored Google Fi service to your SIM card.”
The customer confirmed that their SIM card had been targeted in a SIM swapping attack on January 1, and claimed that the hacker used it to access three online accounts, including email, financial account, and the Authy authenticator app.
“I tried reporting this repeatedly to Google Fi, including with detailed evidence, and their customer support reps didn’t believe me and didn’t follow up,” the customer said. “They thought this was a standard password compromise or something, even though I could clearly see from activity logs that the hacker reset my passwords rather than logging in and then changing them, and I could see in the Google Fi activity logs the SMSes I didn’t receive that they used to compromise my accounts.”
As for T-Mobile, the company said it detected a data breach on January 5. The threat actor, which has not been identified, apparently abused an API to access customer account data such as name, billing address, phone number, email, date of birth, and service information. Roughly 37 million current postpaid and prepaid customer accounts are impacted.
Related: Hackers Accessed Information of T-Mobile Prepaid Customers
Related: T-Mobile Notifying Customers of Another Data Breach
Related: Lapsus$ Hackers Gained Access to T-Mobile Systems, Source Code
