If you use this cell phone provider, your personal information may have been stolen – BGR

The stars aligned precisely for the past week to reveal a significant number of data breaches and security vulnerabilities. The massive Facebook hack of August 2019 haunts more than 533 million users whose personal information has got into the hands of hackers. Even Mark Zuckerberg’s account was on the list, but Facebook will not notify users who may have been affected. A similar hack involving scraped personal data from 500 million LinkedIn accounts was also revealed, and the massive database of information was available for purchase online earlier this week. Then we saw another data breach that allowed people to find out the phone numbers of Facebook users who liked a page on the social network. Subsequently, a large number of credit card records and social security numbers were hacked into a platform that sells this kind of stolen information – that is, data was stolen before this security exploitation, but has now been made more widely available. Finally, we also saw Android apps spreading malware back into the wild, and Facebook allowed ads for a malware app on its platform.

To top it all off, there is one more vulnerability that millions of people should be aware of. A small mobile operator failed to protect its customers’ personal information, so anyone could access account information simply by entering a phone number in a mobile app.

Today’s best deal This automatic jar opener went viral on TikTok and people are flooding Amazon to get one! Price:$ 48.99 BGR is available from Amazon and can receive a commission Buy now Available at Amazon BGR can receive a commission

The provider in question is Q Link Wireless, a Mobile Virtual Network Operator (MVNO) with approximately 2 million US customers. A Reddit user first discovered the security issue a few months ago and tried to notify the carrier a few times via customer support and app reviews highlighting the bug. Ars Technica followed up on that message, and his questions might have convinced Q Link Wireless to finally fix the security problem.

The “hack” allowed anyone to install the carrier’s My Mobile account and then enter a customer’s phone number to access the data associated with that account. No password was required and the information was accessible to anyone aware of the security issue.

The mobile app provides a lot of information about users. Examples include a user’s first and last name, home address, phone call history (outgoing / incoming), text message history (outgoing / incoming), account number, email address, and the last four digits of the corresponding payment card.

The app cannot be used to make changes to someone’s account or to corrupt the phone number by swapping a SIM card or locking someone out. But Ars says a potential SIM swapper could try to use the data to help a Q Link Wireless employee. A simpler type of attack is to spy on victims. People aware of the vulnerability could have used the security flaw to track someone’s calls and texts. Abusive husbands, stalkers, and other malicious people who could potentially target a particular victim could easily have done this.

After months of ignoring the problem, Q Link Wireless seems to have fixed the problem so that the data is no longer available to anyone with knowledge of a phone number. It is unclear whether the vulnerability has been exploited, says security company Intel471 Ars that it has not found any discussions about this particular vulnerability in forums commonly used by hackers and criminals. But the report points out that there is no way of knowing if the leak has been exploited on a smaller scale.

Ars Technica’s the full report is available at this link.

Today’s best deal This automatic jar opener went viral on TikTok and people are flooding Amazon to get one! Price:$ 48.99 BGR is available from Amazon and can receive a commission Buy now Available at Amazon BGR can receive a commission