Published: May 16, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Koodo Mobile, a telecommunications company catering to the youth market, recently sent an email notice to its customers about a company data breach. It reports that Koodo Mobile brand, created by Canada’s Telus Communications in 2008, had customer data breached in February of this year. The company became aware of the breach after finding its customer data for sale on Dark Web sites. Koodo says only data from August to September of 2017 was copied and stolen. They claim an unauthorized third-party accessed their system using compromised credentials to enter and hijack the data. According to Koodo, among the stolen customer data for sale are mobile account and phone numbers that can be used to perpetrate fraud. KELA cybersecurity reports there are currently over 21,000 Koodo accounts for sale. Koodo told BleepingComputer the accounts are for sale on "a different market - one that specializes in automated selling of access to compromised accounts - currently offers over 21,000 Koodo accounts."
Among security concerns are how the stolen phone numbers can be used to redirect two-factor authentication codes (2FA) to hackers. When a victim logs onto accounts, their request for a 2FA code be sent to their phone for authentication gets sent to the hacker instead. From there, a hacker has access to banking, email, and other accounts using 2FA. In these cases, 2FA presents a problem and suggestions are to find another way to verify logins, possibly by using email, voice, or other verification options offered.
In response to the 2FA issue, Koodo enabled a “Port Protection” feature on affected accounts. This feature keeps cybercriminals from “porting” a Koodo Mobile phone number to another mobile carrier. Port Protection helps stop hackers from stealing 2FA, but only if the hacker uses a carrier other than Koodo. Koodo also has an option for the account holder to call and request the 2FA be sent to another carrier. Although that’s a start, it could also be problematic when a hacker already has the information required to convince Koodo staff that they are the true account holder. In addition, affected users should also be prepared for SMS phishing (smishing) attacks when they get texts.
In its own words, the Koodo Mobile email states “What happened: On February 13, 2020, an unauthorized third party using compromised credentials accessed our systems and copied August/September 2017 data that included your mobility account number and telephone number. It is possible that the information exposed has changed since 2017, in which case your current information is not compromised.” Let’s hope so. If not, take a few moments to change it. Even if your information was not included in this compromise, it’s best to change login credentials whenever a breach happens and you use the service offered. Be sure to use completely unique credentials and make that password super strong. Include numbers, upper and lowercase letters, and at least one special character.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org