If you use this mobile operator, your personal data may have been stolen – BGR

The stars lined up last week to uncover a significant number of data breaches and security vulnerabilities. The massive Facebook hack from August 2019 returns to haunt over 533 million users whose personal data has fallen into the hands of hackers. Even Mark Zuckerberg’s account has been included in the list, however Facebook will not notify users who may have been affected. A similar hack involving personal data scraped for 500 million LinkedIn accounts was also revealed, and the massive database of information was sold online earlier this week. Then I saw another data leak that allowed people to get the phone numbers of Facebook users who liked a page on the social network. Furthermore, a large number of credit card records and social security numbers were broken on a platform that sells this type of stolen information – ie data was stolen before this security feat, but has now been made available. on a larger scale. Finally, we saw again Android apps spreading malware in nature, and Facebook allowed ads for a malware app on its platform.

In addition, there is another vulnerability that millions of people need to be aware of. A small mobile operator failed to protect their customers’ personal data, so anyone could access their account information by simply entering a phone number into a mobile application.

The best deals today This automatic jar opener has gone viral on TikTok and people are flooding Amazon to get one! Price:$ 48.99 Available from Amazon, BGR may receive a commission Purchase now Available from Amazon BGR may receive a commission

The operator in question is Q Link Wireless, a mobile virtual network (MVNO) operator with approximately 2 million customers in the United States. A Reddit user first discovered the security vulnerability a few months ago, trying to notify the operator several times through customer support and reviews of applications that highlighted the error. Ars Technica followed the post, and its investigations could have persuaded Q Link Wireless to finally resolve the security issue.

The “hack” allowed anyone to install my operator’s Mobile Account and then enter any customer’s phone number to access the data associated with that account. No password was required, and the information was accessible to anyone who knew about the security issue.

The mobile application provides tons of information about users. Examples include a user’s first and last name, home address, phone call history (made / received), text message history (made / received), account number, email address, and the last four digits of the associated payment card.

The application cannot be used to make changes to someone’s account or to affect their phone number through a SIM swap or someone’s lock. But burnt says a potential SIM swapper could try to use the data to provide assistance to a Q Link Wireless employee. A simpler type of attack involves spying on victims. Vulnerability-conscious people could have used the security flaw to track someone’s calls and messages. Spouses, abusers and other abusive people with malicious intent who could target a particular victim could have done so easily.

After ignoring the issue for months, Q Link Wireless seems to have fixed it, so the data is no longer available to anyone who knows a phone number. It is unclear whether the vulnerability was abused, according to security firm Intel471 burnt that he did not find discussions about this particular security flaw on the forums frequently used by hackers and criminals. But the report points out that there is no way to know if the leak was abused on a smaller scale.

Ars Technica’s the full report is available at this link.

The best deals today This automatic jar opener has gone viral on TikTok and people are flooding Amazon to get one! Price:$ 48.99 Available from Amazon, BGR may receive a commission Purchase now Available from Amazon BGR may receive a commission