SECURITY
SECURITY
SECURITY
Assist Wireless exposes customer licenses, passports and Social Security numbers
Assist Wireless LLC, a U.S. mobile virtual network operator that provides phone services to the underprivileged with government support, has suffered a data breach with customer records found exposed online.
The exposed customer data was discovered by security researcher John Wethington and first reported today by TechCrunch. Remarkably the data itself was found through a simple Google search result and included tens of thousands of customer documents, including driver licenses, passports and Social Security numbers that customers used to verify their eligibility for a free phone and plan.
Before going public, TechCrunch reached out to Assist Wireless and the documents have been removed. The company had not published a breach disclosure on its website at the time of writing but did confirm the leak. It said it was the result of the third-party plugin Imagify placing backups of images in a separate folder that was not secure.
“Assist Wireless takes security and consumer data very seriously,” the carrier told TechCrunch. “We are hiring a third-party security firm to provide us with a thorough security audit and subsequent consultation on ensuring customer data is as safe as possible moving forward.”
Robert Prigge, chief executive officer of identity verification solutions company Jumio Corp. told SiliconANGLE that the data equips fraudsters with all the information they need to take over wireless accounts, but it doesn’t stop there.
“This information can be used to access bank accounts and combined with other information on the dark web to access social media profiles, email accounts and more,” he said. “As the exposed information was directly connected to a user’s cell phone account, fraudsters can make a strong case with Assist Wireless that the phone was lost or stolen, convincing them to activate a new SIM card connected to the legitimate user’s phone number on a phone owned by the fraudster.”
That’s worrisome, he added, because “this SIM swapping would further grant the fraudster control over the user’s accounts, allowing them to request account verification codes/links be sent to the device. Once logged in, fraudsters can easily transfer money from bank accounts, post offensive content from the user’s social media profiles, send fraudulent emails on behalf of the user and even change passwords to lock legitimate users out entirely.”
Photo: Assist Wireless
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
