cyber Breach

Freedom Mobile

May 8, 2023 1 min read
Freedom Mobile

A hacker using the alias NullHumanity claimed that they had managed to identify a flaw in the customer login system of Freedom Mobile.

It claims to obtain private details of customers including their phone number, address, call history and other information effortlessly.

The hacker made claims on Freedom subreddit along with posting a screenshot of the code to prove successful brute forcing of Freedom Mobile’s user logins.

Hacker further claimed that the customer login system has been “forced to the Phone Number/PIN model,” which cannot be modified by the support center of the carrier as well.

The hacker also stated that currently 2,000 at-risk accounts have been identified on Freedom Mobile’s MyAccount page but he does not intend to exploit them.

Source: https://www.hackread.com/hacker-extracts-customer-data-from-canadian-telecom/

TPRM report: https://scoringcyber.rankiteo.com/company/freedom-mobile

"id": "fre21557622",
"linkid": "freedom-mobile",
"type": "Data Leak",
"date": "02/2018",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 2000,
                        'industry': 'Telecommunications',
                        'name': 'Freedom Mobile',
                        'type': 'Telecommunications'}],
 'attack_vector': 'Brute Force',
 'data_breach': {'number_of_records_exposed': 2000,
                 'personally_identifiable_information': ['Phone Number',
                                                         'Address'],
                 'type_of_data_compromised': ['Phone Number',
                                              'Address',
                                              'Call History',
                                              'Other Information']},
 'description': 'A hacker using the alias NullHumanity claimed that they had '
                'managed to identify a flaw in the customer login system of '
                'Freedom Mobile. The hacker claims to obtain private details '
                'of customers including their phone number, address, call '
                'history, and other information effortlessly.',
 'impact': {'data_compromised': ['Phone Number',
                                 'Address',
                                 'Call History',
                                 'Other Information'],
            'systems_affected': ['Customer Login System']},
 'initial_access_broker': {'entry_point': 'Customer Login System'},
 'motivation': 'Unspecified',
 'post_incident_analysis': {'root_causes': 'Weak authentication mechanism'},
 'references': [{'source': 'Freedom subreddit'}],
 'threat_actor': 'NullHumanity',
 'title': 'Freedom Mobile Customer Login System Vulnerability',
 'type': 'Unauthorized Access',
 'vulnerability_exploited': 'Weak authentication mechanism (Phone Number/PIN '
                            'model)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.