Mobile Virtual Network Operator Q Link Wireless had its customers’ personal details accessible through a mobile application anyone could use…
A small MVNO service with about 2 million US subscribers was the target of a data “hack.” Just a few months ago, a Reddit user discovered the security flaw and attempted several times to report it. But, the alarm didn’t go off with the carrier until Ars Technica followed up on the allegation and that might have convinced the wireless company to finally fix the security issue.
Mobile Consumers Subscribing to Q Link Wireless might be Victims of a Data Breach
Mobile Virtual Network Operator Q Link Wireless was the target of a data breach through its proprietary My Mobile Account app. Anyone could install said app and enter a customer’s phone number. Doing so only required a subscriber’s number but no password was needed. The mobile app provided a plethora of information, including customers’ first and last names, home addresses, phone call histories, text message histories, account numbers, email addresses, as well as the last four digits of the associated payment cards.
Fortunately, app could not be used to make any changes to someone’s account. It also couldn’t cause harm to the phone number via a SIM swap or locking someone out. However, such information could allow spying on someone else.