Lack of Verification Leads to Hackers Gaining Access to Customer Information
The Infocomm Media Development Authority (IMDA) is investigating StarHub over a security lapse involving its Giga e-SIM service, which allowed hackers to gain unauthorized access to a customer’s phone line. The lack of proper verification measures for users requesting to port their e-SIMs to a new phone led to the breach.
According to reports, hackers took control of one victim’s phone line and accessed sensitive information, including banking SMS OTPs. Giga, StarHub’s no-frills sub-brand, failed to fully implement required identity verification procedures during the re-issuance of e-SIMs through its mobile app. This failure is under investigation by the IMDA.
Telcos are required by regulation to verify users’ identity, either through SingPass or by sighting physical IDs like the NRIC or work passes, when issuing or transferring SIM and e-SIM cards. This verification is crucial to prevent e-SIM hijacking, which can occur when a hacker obtains personal details through methods such as phishing or leaked corporate data.
StarHub has since implemented two-factor authentication (2FA) on the Giga app to improve security. The company emphasized that customer privacy and security remain top priorities. The incident highlights the risks associated with e-SIMs, which, while offering convenience, also present vulnerabilities when proper security measures are not followed.
Consumers are urged to maintain strong cyber hygiene, including using unique passwords for different accounts to protect their personal information from cyber threats.