Earlier this week, Google announced that user accounts for its cell network service, Google Fi, had been compromised. The breach appears to have been the result of the hack on Google’s service provider, T-Mobile, which suffered a massive breach earlier this month that impacted some 37 million customers.
Google makes this incident sound fairly innocuous, but a hacker can do a whole helluva lot of stuff with your phone number. The most obvious problem would be spear phishing scams targeted at your phone. Such scams can be customized for specific targets, and if the hacker has personal data points about you, it will help them hone their phishing message. And, suffice it to say, if a user was also a T-Mobile customer who was included in the recent breach, cybercriminals would have a whole lot of ammo for such attacks.
Google Fi is a MVNO, or mobile virtual number operator, which functions just like a cell network provider. MNVO’s have some consumer benefits, like the fact that they tend to be more affordable than typical phone plans. However, MNVO’s lack their own network infrastructure. In Google’s case, it piggypacks off of the infrastructure provided by T-Mobile. Since T-Mobile’s infrastructure was compromised, it appears to have compromised Google’s as well.
Google reached out to impacted users this week and one of Gizmodo’s own editors received an email. It reads, in part:
Dear Google Fi customer,
We’re writing to let you know that the primary network provider for Google Fi recently informed us there has been suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data...
The accessed information included your phone number and limited technical information. This includes information about when your account was activated, SIM card serial number, account status (for example, whether your plan is active or inactive), and limited details about the mobile service plan and options provided by your Google Fi service (such as unlimited SMS or international roaming).
Google has said that no further action is necessary for Google Fi customers. Still, Gizmodo reached out to the company for more information and will update this story if they respond.