A software developer, Kevin Burke, claims that he has found a security hole with Virgin Mobile phones that allows interception of phone calls and text messages, and then allows a hacker to lock you out of your account and to make purchases with your credit card. In a blog post, he said that vulnerability stems from the fact that the wireless carrier requires subscribers to use their phone numbers as their username and a 6-digit number as their password.
“Pretty much anyone can log into your Virgin Mobile account and wreak havoc, as long as they know your phone number,” he said, adding “there is no way to defend against this attack.”
Burke works as a developer at Twilio, which helps developers add calls and text messages to their applications. He said he reported his findings to Virgin Mobile USA a month ago, but they have not taken any measures to fix this issue. Even offered suggestive way of keeping account secure such as freezing the accounts after a said number of failed attempts.
If youre a Virgin Mobile customer, I would look into ways to make my account more secure and being more cautious of when account changes are made.