StarHub under probe for Giga e-SIM security breach

[BuiBuiForeverAlone]

StarHub under probe for Giga e-SIM security breach; hackers tapped one user's phone to access banking info

SINGAPORE, Dec 7 — The Infocomm Media Development Authority (IMDA) is investigating telco giant StarHub for failing to verify the identity of users requesting to port their Giga e-SIMs, Singapore's mainstream newspaper reported.

The lapse in security allowed hackers to take control of at least one customer's phone line, gaining access to sensitive information, including banking SMS One Time Passwords, according to The Straits Times.

Giga is StarHub's budget sub-brand offering e-SIMs as a convenient alternative to physical SIM cards.

IMDA confirmed that StarHub did not fully implement necessary identity verification measures when re-issuing e-SIMs via its app, which is now under investigation.

The newspaper cited an unnamed IMDA official saying that mobile operators must verify user identities using Singpass or photo IDs when issuing or porting both SIM and e-SIMs.

Experts warned that without proper verification, e-SIMs can be easily hijacked if hackers access personal details through phishing or leaked databases.

e-SIMs, which are remotely loaded onto devices, are becoming increasingly popular due to their convenience, allowing users to avoid physical SIM cards.

The Straits Times reported an unnamed Giga spokesman said that customer security and privacy are top priorities, and the company is working closely with IMDA on the matter.

IMDA further noted that best practices include implementing two-factor authentication for telco apps like Giga, which has since been applied.

Consumers are also encouraged to adopt strong cybersecurity practices, such as using unique passwords for different accounts to safeguard their personal information.

https://malaysia.news.yahoo.com/starhub-under-probe-giga-e-032503357.html

[BuiBuiForeverAlone]

If there's a security breach with the provider's database, the users totp secrets are most likely to be leaked to hackers. Totp is a shared secret between the end user and provider.

[Arctic]

Ownself check onwself

Anyway, I ported out from Starhub and Giga liao

[FireOpal]

Scarli sweep under the carpet this time. 
Every year we see few thousand fraudulent banking transactions, MAS got punish the banks? 

[Tuna seng]

Ceca ceo bring their smoke customers and lax culture here. My technical issues dragged for a week never promised to call back but no call. Everyone speak to different cso have to start same old shit all over again

[Risa]

dun dare to use this e-sim thingy