If you use the HelloMobile prepaid wireless service, you may be concerned about the recent data breach involving the company‘s official app. As an expert in online privacy, I want to provide some insights on what happened, who‘s affected, and most importantly, what you can do to protect your personal information. This guide will break down everything in a friendly, easy-to-understand way.
Summarizing the Basics of the Breach
HelloMobile is a wireless carrier owned by Q Link Wireless with over 2 million customers nationwide. Back in February 2021, users of the HelloMobile app called "My Mobile Account" started noticing something was wrong. People posted on Reddit that by simply entering a registered phone number, they could access other customers‘ sensitive personal data like call logs, texts, location, and even some financial information. Despite these complaints, HelloMobile apparently failed to address the problems.
Quantifying the Large Scale of Affected Users
With over 2 million customers, this app breach impacts a massive number of people. For context, it‘s significantly larger than the 2017 breach of the Exactis marketing database which exposed 340 million records. Ensuring all HelloMobile users are informed and know how to protect themselves needs to be a top priority.
Previous Apps Caught Mishandling User Data
Unfortunately, HelloMobile is just the latest example in a long trend of apps exposing user data instead of protecting it. For example:
-
In 2019, theweatherchannel app was found to be selling location data to third parties, impacting around 45 million users.
-
Also in 2019, exodus-privacy reported that over 250 Android apps had been collecting and sharing personal data with Facebook without consent.
-
In 2018, a flaw in the Twitter Android app gave access to direct messages of over 4.6 million users.
The list goes on and on. It‘s clear mobile users need to be cautious and practice good privacy habits when using apps.
Types of Your Personal Data at Risk
Reports showed that by simply entering a phone number, someone could access HelloMobile users‘:
- Full name
- Email address
- Call/text history
- Approximate location
- Partial debit/credit card number
- Account number
This level of access is extremely dangerous. Call logs contain who you‘ve communicated with, when, and for how long – very private information. Text messages may contain anything from personal conversations to passwords for other accounts. Your name, email address, and location linked to your phone number make identity theft easier. And partial debit/credit card data provides clues for someone to guess the full number and commit payment fraud.
Practical Tips to Secure Your Account
If you use HelloMobile, here are steps I recommend you take to protect your personal data:
Change Passwords
- Change your password for the My Mobile Account app, and any other accounts where you reuse that same password. Use a unique, complex password for each account.
Enable Two-Factor Authentication
- Two-factor authentication (2FA) adds an extra layer of security beyond just a password, usually by requiring a code from your phone or an authenticator app to login. Enable this for improved account security.
Monitor Accounts Closely
- Keep a close eye on your HelloMobile account activity for charges you don‘t recognize or services you didn‘t sign up for. Also watch for suspicious login attempts.
Consider Identity Theft Protection
- Given the exposure of personal information like your name, number, email, and location, identity theft protection services are worth considering. Plans like LifeLock provide monitoring to alert you of suspicious activity.
Contact Customer Support
- Make HelloMobile aware if you have concerns about your data being compromised. Press them for answers on securing accounts and compensating affected users.
What If My Data Was Already Misused?
If you believe someone already accessed your HelloMobile account info or is fraudulently using your personal data, take the following steps:
- File a report with the FBI‘s Internet Crime Complaint Center at ic3.gov
- Contact your state attorney general‘s office to report identity theft
- Notify the major credit bureaus (Equifax, Experian, TransUnion) to place fraud alerts on your credit reports
- Consult a personal data privacy attorney about legal action against negligent parties
- Request account statements from HelloMobile to monitor for suspicious activity
- Cancel your current HelloMobile account to prevent further data access
How All Mobile Users Can Stay Protected
Beyond just HelloMobile customers, any mobile app user can follow these privacy best practices:
Research Apps Before Downloading
Only download from reputable developers, and check app reviews for problems reported by others. Avoid granting access to unnecessary data.
Limit App Permissions
Don‘t give apps blanket permission to access contacts, location, photos, etc. Only allow required permissions.
Use Anonymous Accounts When Possible
For apps that don‘t need your real identity, use accounts tied to dummy email addresses and prepaid phone numbers.
Delete Old Apps and Clear Caches
Your data persists in unused apps and cached files. Routinely delete old apps and clear app caches/data.
Keep Apps Updated
Developers release security patches in updates. Enable auto-updates when possible and manually update apps frequently.
Use a VPN
A VPN encrypts all traffic from your device and hides your IP address, location, and online activities. Use one anytime you access public Wi-Fi or cellular data.
Let‘s Recap What We‘ve Learned
The recent HelloMobile app breach puts millions of users‘ personal data at risk. While alarming, this incident is part of a broader pattern of mobile apps mishandling private user information. By taking the right precautions such as changing passwords, enabling 2FA, monitoring your accounts, using anonymous accounts, limiting app permissions, and using a VPN, you can secure your data from prying eyes. As mobile users, we must be vigilant to protect our privacy.
