Google is currently dealing with a cyberattack on Google Fi, its telecom and mobile virtual network operator (MVNO) service. Since 2016, Google Fi has been servicing what is now approximately 500K active users.
Many companies use third-party services to perform routine operations, including customer support. That means that the support team's training and security are not funded by Google's deep pockets, and Google doesn't train them either. That naturally opens up a crack for hackers to slither in and try to drill into big databases like Google's.
In this case, that’s exactly what happened.
Who Took What?
Although the tech giant has not disclosed which provider was compromised and therefore used to execute this supply chain attack, they only partner with Sprint, US Cellular and T-Mobile. The latter recently experienced a cyberattack that exposed the data of 37M customers.
In the meantime, Google has not yet tracked down the perpetrator of this attack, nor has it released an update about what steps customers should take to protect their data. Customers who may have been affected by the breach should expect to receive notifications from the corporation in the coming weeks, as it works with authorities to track down who did it and what, exactly, was stolen (or potentially even leaked).
What’s Happening to Users
Since the attack, many Fi users have reported password reset notifications from services such as Outlook, cryptocurrency wallets and authentication apps. The people responsible are evidently attempting to gain access to these accounts or, if that fails, reset passwords and request multi-factor authentication codes via SMS. This is most likely an attempt at a SIM swap attack.
A SIM swap just means replacing one SIM card with another. This can be done benignly, for example if you want to switch to a different SIM provider or replace your current SIM card with a new one. It lets you keep your existing phone number and data while upgrading a device. This swap can, however, be used against people too.
In a SIM swap attack, hackers steal your phone number and use it to gain access to your bank accounts or other online services. In this case, they're trying to compromise your telecom service, the latest example in a recent rise in threats against the telecommunications industry. In the case of Google Fi's breach, the threat actors are attempting to reset your passwords via SMS code; by taking over your phone number, the threat actor can read your messages, see the one-time code and gain access to your Fi account that way.
Consider changing your log-in credentials for your profile, and monitor your payment and account activity so that you can immediately flag suspicious changes. Eventually, Google Fi will release an update about what they’ve done to identify and find the attacker, and what next steps you should take (if any) to improve your account’s integrity.
This is only the latest in an upward trend of telecom services being targeted by hackers. Large organizations are not exempt from threat actors, even with top-of-the-line security teams and defenses. These days it really is a matter of when, not if, you experience a cyber event yourself! Prepare yourself by paying attention to your security awareness training and keeping abreast of breaking news in the cyber-threat landscape!