21.4 C
New York
Friday, February 26, 2021

Latest Posts

Movie "A Quiet Place" – A Fear Called Noise

It is often said that the forbidden fruit is always the most desirable. And the viewer,...

Nagrace HPH NT-N3 TV Box Android KitKat 4.4.2 custom firmware Download

This firmware is for Nagrace HPH NT-N3 TV Box with Rockchip RK3066 CPU Categories: Firmware, Tools, Recovery Click to Download Android KitKat 4.4.2 custom firmware for Nagrace HPH...

125W charging on your smartphone is coming soon!

OPPO is one of the brands that is investing heavily in the evolution of battery charging...

AMD and Bethesda Announce Partnership at Game Developers Conference

It was this week that at the "Game Developers Conference" AMD and Bethesda - known for...

Report: Data from more than 1.5 million Freedom Mobile users at risk

The entertainment box research team recently discovered that Freedom Mobile was facing a massive data leak.

ENTERTAINMENT BOX researchers led by hacktivists Noam Rotem and Rahn Lokar discovered a   vulnerability revealing personal data of up to 1.5 million active Freedom Mobile users. Freedom Mobile (formerly Wind Mobile) is Canada’s fourth-largest wireless provider.

His database was completely unprotected and unencrypted. Among other things, the data contained credit card numbers and CVV. Hack detection time and response

  • April 17th: We detected a Freedom Mobile data leak.
  • April 18th: We informed Freedom Mobile by email of a serious data leak. We did not receive a response.
  • On April 23: We again tried to contact Freedom Mobile.
  • April 24th: Freedom Mobile has finally answered our letters.
  • April 24th: Freedom Mobile stopped the data leak.

Examples of records in the database

Like unprotected database Gearbest Elasticsearch, database by Freedom Mobile was completely unencrypted. We had full access to over 5 million records owned by 1.5 million users.

This data, apparently, reflects any actions committed in the account, taking into account the numerous entries of each user.

Personal data that has been disclosed:

  • E-mail address
  • home and mobile number
  • home address
  • Date of Birth
  • customer type
  • The IP address associated with the payment method
  • unencrypted credit card and CVV numbers
  • credit responses from Equifax and other corporations with justification for rejection/acceptance

We also had access to account numbers, subscription and billing dates, and customer service records, including locations.

Some records contained information from the Equifax database, namely information about credit history, creditworthiness and credit card accounts.

The consequences of a data leak

Oddly enough, Freedom Mobile prides itself on its high degree of privacy. This is even indicated in the own data column on their Twitter:

However, he clearly leaked his customer data.

Upon discovering this, we quickly notified Freedom Mobile about this issue. Having not received an instant response from them, we turned to colleagues on another security site with a request to help us contact Freedom Mobile in case our letters were spammed. But later it turned out that still, this was not the case.

Due to ethical considerations, we did not download information from the database, so we do not know exactly how many people were injured.

However, we were able to access at least 5 million unprotected records.  At least 1.5 million subscribers have signed up for Freedom Mobile, and its parent company is owned by Shaw Communications, which has more than 3.2 million customers throughout Canada. This is arguably the largest data leak Canadian companies have ever encountered.

It’s rare to find a leak that contains both credit card information and CVV numbers, especially with this massive privacy violation.

Because this leak includes unencrypted credit card information, Freedom Mobile potentially violates PCI Payment Card Industry compliance rules. This can lead to serious consequences in reality for both the company and its users.

Hacking Dangers

Owning a database containing credit card information, dates of birth, full names, addresses and phone numbers make it easy to carry out credit card fraud and identity theft. This can cost users, their banks and insurance companies hundreds of thousands of dollars.

An unencrypted database containing personal information is a valuable resource for hackers. Access to addresses, emails, phone numbers and credit information can help attackers implement complex phishing schemes.

Owning credit information, attackers can also carry out attacks in order to extort ransom since they know who owns large amounts of money.

Even the most vigilant user will not be able to protect themselves from a company that keeps its data insecure. The best option is to use a temporary card, account, or CVV numbers that are associated with your account. Read our complete guide for more information.

About us and previous reports:

ENTERTAINMENT BOX is the world’s largest VPN review website. Our research lab is a free service that seeks to help the online community protect themselves from cyber threats by teaching organizations how to protect the data of their users. We recently discovered a massive data leak affecting 80 million households in the United States. We also found out that Gearbest was facing a huge data leak. You can also read our VPleakage reports and data protection statistics.

Latest Posts

WhatsApp celebrates 12 years and shares important metrics

WhatsApp is the platform of choice for more than two billion users worldwide (data from Statista),...

Google Pixel 6 may use the same main lens as the Huawei P50

We are still a long way from the official announcement of Google Pixel 6. However, rumors...

Xiaomi presents the new range of smartphones Redmi K40

Xiaomi today presented (25) three new Android smartphones, the Redmi K40, K40 Pro + it's the...

New RedmiBook Pro are official. Elegance and power define these notebooks

The computer segment receives a new pair that promises to make a splash. The new...

Don't Miss

Can I crack a VPN service? Detailed review

We examined the features of VPN services and evaluated how vulnerable they are to hackers. What is a VPN? Virtual Private Network (Virtual Private Network, hereinafter simply...

3 best VPN extensions for Safari in 2020

Looking for a quality, reliable, and convenient VPN extension for your Safari browser? We tried to find them ourselves and are ready to admit that this...

How to create an HMA account

Create an HMA account Before you proceed, we recommend that you read the HMA VPN reviews from our readers. In this article, you will lern...

5 best FREE VPNs for secure torrenting

Even though torrent trackers are mainly associated with software piracy, the truth is that sharing torrent files is not illegal: you cannot only upload copyrighted...

Samsung: here are the Galaxy protected by Knox and certified by GNS

Samsung UK again obtains the security certification from the National Security Office (GNS) for a set...
%d bloggers like this: