Virgin Mobile users should pay attention, as the data in your mobile phones is not safe anymore. Your phone number is the main key to your personal information. Kevin Burke, who warned Virgin Mobile USA customers about a conspicuous security hole in the phone company's account login protocol, said, "If you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn’t like you."
Virgin Mobile USA users manage their accounts by logging in through an online portal, which requires a mobile number and a 6-digit PIN. Once inside, customers can check their call records, change the handset associated with their number, and update their personal details.
In a blog post on Monday, Kevin Burke explained how the system that mobile users rely on to access their account information is vulnerable to attacks by hackers.
In the blog post, Burke said, "It is trivial to write a program that checks all million possible password combinations, easily determining anyone's PIN inside of one day. I verified this by writing a script to 'brute force' the PIN number of my own account." For comparison, an 8-letter password with uppercase letters, lowercase letters, and digits has 218,340,105,584,896 possible combinations, Burke said.
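One common defense against exhaustive guessing over a PIN space this small is a per-account lockout. The following is an added example, not code from Burke's post or from Virgin Mobile; the PinThrottle class, its five-failure threshold and doubling lockout, the account number, and the one-request-per-second rate are assumptions chosen for illustration.

```python
import hmac

PIN_SPACE = 10 ** 6        # 6-digit PIN, as on the page
PASSWORD_SPACE = 62 ** 8   # 8 chars of upper/lower/digits, as on the page


class PinThrottle:
    """Per-account failure counter with a doubling lockout (hypothetical policy)."""

    def __init__(self, max_failures=5, base_lock=900):
        self.max_failures = max_failures   # failures allowed before a lockout
        self.base_lock = base_lock         # first lockout, in seconds
        self.state = {}                    # account -> [failures, lockouts, locked_until]

    def attempt(self, account, pin, real_pin, now):
        """Return 'ok', 'bad' or 'locked' for a login attempt at time `now`."""
        fails, locks, until = self.state.get(account, [0, 0, 0.0])
        if now < until:
            return "locked"                # rejected without comparing the PIN
        if hmac.compare_digest(pin, real_pin):
            self.state.pop(account, None)  # success clears the counters
            return "ok"
        fails += 1
        if fails >= self.max_failures:     # lock the account, doubling each time
            until = now + self.base_lock * 2 ** locks
            fails, locks = 0, locks + 1
        self.state[account] = [fails, locks, until]
        return "bad"


def guesses_checked_in(seconds, throttle, account="5550100", real_pin="999999"):
    """Count PINs the server actually compares when one request arrives per second.

    The account number and PIN are constructed sample values.
    """
    checked = 0
    for now in range(seconds):
        guess = f"{checked:06d}"           # constructed sequence of wrong PINs
        if throttle.attempt(account, guess, real_pin, now) != "locked":
            checked += 1
    return checked


if __name__ == "__main__":
    day = 24 * 60 * 60
    print("PIN space:", PIN_SPACE, "password space:", PASSWORD_SPACE)
    print("compared in a day, no lockout:", guesses_checked_in(day, PinThrottle(max_failures=10 ** 9)))
    print("compared in a day, with lockout:", guesses_checked_in(day, PinThrottle()))
```

Under these assumed settings the server compares 35 PINs per account per day instead of 86,400, so the million-entry space can no longer be covered in anything close to a day.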
Burke further explained that after several phone and email exchanges with parent company Sprint in which he attempted to warn them about the exploit, he was ignored and his concern was discarded. That's when he decided to expose the flaw to the public.
A Sprint spokeswoman said that the company maintains confidentiality about its security measures, but noted that customer accounts are monitored constantly for illegal or inappropriate activity.
"We greatly appreciate Mr. Burke's outreach to the company and are reaching out to him as well," she said. "His inquiry did enable us to even further secure our customers' accounts."
Virgin Mobile USA's Manage My Account portal is down as of Wednesday, September 19, 3:34 p.m. AEST (Tuesday, September 18, 11:34 p.m. PT). Virgin Mobile Australia also uses a 6-digit PIN system for customers to access their account online. The company stressed that while both companies operate under the Virgin brand, Virgin Mobile Australia is a completely separate entity from Virgin Mobile USA. Virgin Mobile Australia gave an assurance that its customers' details are secure.