Bad news for customers of Canada’s fourth-largest wireless communications provider Freedom Mobile (formerly Wind Mobile). Security rearchers discovered a breach which exposes up to 1.5 million active Freedom Mobile users’ personal data.
vpnMentor‘s research team, led by hacktivists Noam Rotem and Ran Locar, recently discovered that huge data breach of provider Freedom Mobile. It was an totally unprotected and unencrypted database, that contains 1.5 million customer data, includeing credit card and CVV numbers. The personal data exposed includes:
- email address
- home and mobile phone number
- home addresses
- date of birth
- customer type
- IP address connected to payment method
- unencrypted credit card and CVV numbers
- credit score responses from Equifax and other corporations, with reasons for acceptance/rejection
The security researcher could also access account numbers, subscription dates, billing cycle dates, and customer service records including locations. Some entries also included data from an Equifax database. This included information on credit scores, credit class, and credit card accounts.
( Freedom Mobile Database records, Source: vpnmentor.com, Click to zoom)
The bad, the worse and the ugly
According to vpnmentor, Freedom Mobile prides itself on offering high levels of privacy. On Twitter the company use the profile header shown below:
Hm, I think that’s not in correlation what vpnmentor researcher found. And now the ugly side: The leak has been discovered on April 17, 2019, but initial e-mail from April 17 to Freedom Mobile didn’t provide any result. Only the 2nd contact attempt on April 23, 2019 leds to a reaction, and the databreach was closed on April 24, 2019. Further details may be read here.