At a glance.
- Google Fi data exposed in T-Mobile breach.
- Planet Ice hackers skate away with customer data.
- ChatGPT clones steal user data.
Google Fi data exposed in T-Mobile breach.
As we previously noted, mobile communications giant T-Mobile suffered a massive data breach last month that impacted approximately 37 million customers. Yesterday Google’s telecommunications service, Google Fi, informed its customers that their data were involved in the breach. As Chrome Unboxed explains, Fi utilizes three separate service providers – T-Mobile, Sprint, and US Cellular – to support its services. Fi notes that while no personally identifiable information was exposed, the impacted data include user plan information, SIM card serial number, and account status. It’s unclear whether all Fi customers or just a portion of them were affected by the breach. TechCrunch notes that although some of Fi’s notification emails told customers that there is “no action required,” at least one customer claims the notification they received said that their phone number had been briefly hijacked. The claim has not yet been verified.
Lior Yaari, CEO and co-founder of Grip Security, commented on the incident. The T-Mobile breach had sequelae; the Google Fi can be expected to have them, too:
“The data stolen in this breach is going to fuel numerous attacks in the future. However, the victims can take a little solace that their payment information or PINs were not stolen. The hackers can potentially still do a lot of damage by having access to the users’ phone numbers and SIM serial card numbers, including taking over your phone number. At minimum, affected customers should consider changing out their SIM card to protect themselves. Once the hackers take over your phone number, they can use it for illicit purposes or even bypass two-factor authentication that uses SMS. Given the serious nature and impact of the breach, it’s surprising that Google has not disclosed the number of customers impacted, like what we have seen in other major breaches.”
Planet Ice hackers skate away with customer data.
UK ice skating rink operator Planet Ice says a recent data breach resulted in the theft of the personal data of more than 240,000 customers. As Bitdefender recounts, last week users of Planet Ice’s online ticketing platform received a message explaining that the platform’s servers were "experiencing unplanned server downtime." Then some customers say they received emails from Planet Ice stating that its "Ice Account" system had been breached, giving unauthorized parties "external access to the non-financial areas of the system." According to the HaveIBeenPwned project, the exposed data include dates of birth, names, and even the genders of children who hosted parties at Planet Ice rinks. Email addresses, street addresses, IP addresses, phone numbers, passwords and purchase details were also compromised. Planet Ice says that it has notified the Information Commissioner's Office (ICO) about the incident and an investigation is underway. Some customers have already taken to social media to question why they first learned of the breach not from Planet Ice, but from HaveIBeenPwned or media reports.
ChatGPT clones steal user data.
Anyone on the internet in recent months has heard of ChatGPT, the popular artificial intelligence-fueled chatbot launched by OpenAI. As inevitably happens, cybercriminals are attempting to exploit the platform’s fame for theft. HackRead reports that several fake ChatGPT clone apps have appeared on iOS and Play app Stores, and users who attempt to download them are unwittingly sending their data to remote servers controlled by hackers. Researchers say one of the fraudulent apps, cleverly called ChatGPT AI Writing Assistant, has already racked up over 100,000 downloads. All of the clone apps feature code that could allow for access to users’ location, camera, photos, videos, and read/write storage. Three of the fakes ask for recording audio permission, even though in-app speech functions are unavailable, and some even charge for access to ChatGPT, which is available online for free.