Virgin Mobile fails security 101, leaves 6 million accounts vulnerable

koopakid08

Mar 19, 2011
I was reading around the net today and found this http://kev.inburke.com/kevin/open-season-on-virgin-mobile-customer-data/

Virgin Mobile's 6-digit PIN is beyond easy to hack via brute force, taking a day at most.

Once an attacker has your PIN, they can take the following actions on your behalf:

Read your call and SMS logs, to see who's been calling you and who you've been calling

Change the handset associated with an account, and start receiving calls/SMS that are meant for you. They don't even need to know what phone you're using now. Possible scenarios: long distance calls to Bulgaria, texts to or from lovers or rivals, "Mom I lost my wallet on the bus, can you wire me some money?"

Purchase a new handset using the credit card you have on file, which may result in $650 or more being charged to your card

Change your PIN to lock you out of your account

Change the email address associated with your account (which only texts your current phone, instead of sending an email to the old address)

Change your mailing address

Make your life a living hell


Everyone needs to contact Virgin NOW and tell them this is a ridiculous violation of their customer privacy. Tweet, call, tell your friends, and make sure you let them know that you will not stand for this BS.

Edit: more info http://www.reddit.com/r/technology/...bile_refuses_to_fix_security_hole_all/c69k4jq

Links to the original discussion on Reddit; they allow you to retry your PIN an unlimited number of times if you clear your cookies after 3 failed attempts.

Virgin recommends you use your birthday as your PIN, so if you even barely know the person you want to hack you just have to obtain their birthday in most cases (Facebook).


Sent from my HTC Evo V 4G

This is a repost from Android Forums, but I think it needs to be spread.
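The retry-limit weakness described in the post (a failure counter that resets when the client clears its cookies), shown next to a counter kept per account on the server. This is an added example, not part of the original post and not Virgin Mobile's code; the class names, the 15-minute lockout window and the simulation helper are assumptions made for illustration, and only the threshold of 3 comes from the post.

```python
import time

MAX_FAILURES = 3            # threshold mentioned in the post
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window (hypothetical value)


class CookieKeyedLimiter:
    """Weak design: the failure count is tied to the client's session cookie."""

    def __init__(self):
        self.failures = {}  # session_id -> failure count

    def allow(self, session_id, account):
        return self.failures.get(session_id, 0) < MAX_FAILURES

    def record_failure(self, session_id, account):
        self.failures[session_id] = self.failures.get(session_id, 0) + 1


class AccountKeyedLimiter:
    """Hardened design: failures are counted per account, server-side."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}  # account -> (failure count, locked_until timestamp)

    def allow(self, session_id, account):
        _, locked_until = self.state.get(account, (0, 0.0))
        return self.clock() >= locked_until

    def record_failure(self, session_id, account):
        count, locked_until = self.state.get(account, (0, 0.0))
        count += 1
        if count >= MAX_FAILURES:
            # Lock the account itself; a fresh cookie does not change this.
            count, locked_until = 0, self.clock() + LOCKOUT_SECONDS
        self.state[account] = (count, locked_until)


def guesses_accepted(limiter, account, tries, new_session_every):
    """Constructed simulation: how many wrong guesses reach the PIN check
    when the client starts a new session every `new_session_every` tries."""
    accepted = 0
    for i in range(tries):
        session_id = f"s{i // new_session_every}"
        if limiter.allow(session_id, account):
            accepted += 1
            limiter.record_failure(session_id, account)
    return accepted
```

With the cookie-keyed counter every guess is evaluated as long as the session changes every three tries; the account-keyed counter stops after three regardless of session.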
 
