SIM Swapping Issues At Mint Mobile

Yesterday, Mint Mobile’s co-founder, Rizwan Kassim, posted to Reddit acknowledging recent security issues. Here’s the key excerpt:

We’ve been reading your inquiries around the recent security concerns. Despite deeply wanting to respond to your questions, we haven’t been able to due to some pretty rigid compliance regulations around what we can share publicly, especially while we engage with law enforcement.

So what happened? We can’t share much, but in short, Mint Mobile was the victim of a social engineering incident last month that impacted a small number of subscribers. We have been in contact with impacted subscribers and quickly restored their services. We also continue to investigate this incident.

The post is sparse on details, and I don’t entirely accept Mint’s claims about being unable to share further information. However, Mint deserves credit for making the post and pinning it to the top of the r/MintMobile subreddit.

As best as I can tell, something happened almost a month ago that led to Mint subscribers becoming victims of SIM swap attacks. At least two reports surfaced to Reddit. I’m suspicious a significantly larger number of customers were affected, and I’ve asked Mint to clarify.

About a month ago, Mint also had an incident where a large number of subscribers received unexpected password reset notifications. I think that incident was unrelated to the recent SIM swapping, but I’m not sure.

Mint’s Ticking Time Bomb

Mint walked into its latest security troubles. I wrote the bit below over a year ago:

A Reddit user suggests Mint Mobile’s policies may leave subscribers vulnerable to SIM-swap attacks. I haven’t dug into it, but it looks like a real issue.

While searching through old Reddit posts this morning, I realized Mint subscribers were regularly talking about this security issue for at least two years. Lots of Reddit posters have asked Mint to implement two-factor authentication or secure PINs for porting numbers. Here’s one notable example from six months ago:

Mint does NOT have pins to protect against SIM swap attacks, sadly. It’s really their only defect, and it’s a massive one.

Mint really, really, really needs to add the ability to have a user-set PIN (that they store in their system as a hash, so no one inside can ever see the PIN plaintext, just confirm that you have the right one)…It is totally mystifying to me and other security professionals why r/rizwank [Rizwan Kassim, Mint co-founder] is setting himself and the otherwise-great company he created up for massively bad publicity and legal expenses when his users get hacked en masse by eastern european mafiosos. As Mint grows this is inevitable as long as Mint refuses to implement PINs.

For quite a while, Mint has claimed to be interested in adding security features. The latest issues may lead the company to prioritize actually releasing something.
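
The Reddit commenter's request quoted above (a user-set PIN that is stored only as a hash) sketched as an added example; it is not Mint's code and not part of the original post. The names PortOutPinStore, PEPPER and MAX_ATTEMPTS are hypothetical, and because a numeric PIN has so few possible values, the sketch adds a server-side secret and an attempt limit on top of a salted, slow hash.

```python
import hashlib
import hmac
import os

# Assumption: constructed demo secret; a real deployment keeps it in an HSM/KMS.
PEPPER = b"constructed-demo-pepper"
MAX_ATTEMPTS = 5  # hypothetical lockout threshold


def _derive(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so equal PINs differ per account and guessing is costly.
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)
    # Keyed step: a stolen database alone cannot be brute-forced offline.
    return hmac.new(PEPPER, stretched, hashlib.sha256).digest()


class PortOutPinStore:
    """Stores only salt + digest per account, never the PIN itself."""

    def __init__(self):
        self._records = {}

    def set_pin(self, account_id: str, pin: str) -> None:
        if not (pin.isdigit() and 6 <= len(pin) <= 12):
            raise ValueError("PIN must be 6-12 digits")
        salt = os.urandom(16)
        self._records[account_id] = {
            "salt": salt, "digest": _derive(pin, salt), "failures": 0}

    def verify(self, account_id: str, pin: str) -> str:
        rec = self._records.get(account_id)
        if rec is None:
            return "no_pin_set"
        if rec["failures"] >= MAX_ATTEMPTS:
            return "locked"  # needs out-of-band recovery, not more guesses
        # Constant-time comparison of digests.
        if hmac.compare_digest(_derive(pin, rec["salt"]), rec["digest"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        return "locked" if rec["failures"] >= MAX_ATTEMPTS else "denied"
```

A support agent's tool would call verify() before processing a SIM replacement or port-out, so the agent only ever sees "ok", "denied" or "locked" and never the PIN.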


Mint’s 25 Years For $2,500 Promo In Retrospect

Yesterday, Mint Mobile ran a one-day promotion offering 25 years of service for an upfront payment of $2,500. In my previous blog post, I argued it wasn’t a good deal. I stand by that. However, part of my post didn’t hold up well:

I won’t be surprised if people who buy the 25-year plan eventually get bought out early. I also won’t be surprised if no one buys the plan and we never figure out what might have happened.

I missed the mark. Here’s a tweet from this morning:

I don’t think Mint’s finance guys are actually mad at Ryan Reynolds. If they are mad, Mint might want to find new finance guys.

When I wrote my blog post yesterday, I hadn’t seen a disclosure Mint made acknowledging that the allegedly 25-year plans might involve early terminations and buyouts:

Pricing, terms, and conditions (including all Terms & Conditions listed here) are subject to change and may be modified or terminated at any time without notice, unlike Bobby’s other deal. Mint Mobile reserves the right to buy back The Bobby Bonilla Plan under certain conditions. But we’re mostly just impressed that you’re interested, honestly.

It’ll be interesting to see what happens.


Prepay For 25 Years of Service With Mint Mobile

Mint Mobile is offering what’s possibly the goofiest one-day promotion I’ve ever seen. Customers can pay $2,500 upfront for 25 years of service. Here’s how Mint explains the deal:

At Mint Mobile, we don’t like contracts. Because most wireless customers don’t like contracts. But today, we’re making a one-time, one-day exception.

Years ago, former pro baseball player Bobby Bonilla signed one of the most famous contracts in sports history, ensuring he would be paid more than $1 million every July 1st for 25 years. So to celebrate Bobby’s big payday, we’ve partnered with him to offer the Bobby Bonilla Plan:

25 years of Mint Mobile premium wireless service for just $100 a year. That’s right, you can lock in Mint Mobile until it’s time to move to Mars.

You can find more information or order the plan on Mint’s website. As best as I can tell, the plan is real. Besides the unusual time commitment and the price tag, the plan looks identical to Mint’s usual plan with 4GB of data, unlimited minutes, and unlimited texts.

An Awful Deal

25 years for $2,500 works out to roughly $8 per month, about half the usual price of Mint’s 4GB plan. It’s an awful deal though. Every $1,000 invested at 8% interest will be worth close to $5,000 after 25 years.

Perhaps more interestingly, it’s unclear if Mint can honor the plan through the full term. Companies get acquired or go out of business regularly in this industry. Mint probably won’t be around in a few decades. I won’t be surprised if people who buy the 25-year plan eventually get bought out early. I also won’t be surprised if no one buys the plan and we never figure out what might have happened.


Disclosure: Mint is offering me a big commission if I refer a customer to this plan. Seriously though, don’t buy it.

7/2/2021 Update: The promotion is now over. I shared a follow-up post here.

More Data Coming To Mint Mobile

Mint Mobile just announced that it will soon offer more data on some of its plans. The carrier’s prices won’t change.

Right now, Mint offers 3 plans with fixed data allotments (all the plans include unlimited minutes and texts):

  • 3GB per month – As low as $15 per month
  • 8GB per month – As low as $20 per month
  • 12GB per month – As low as $25 per month

Starting January 28, the monthly data allotments will increase between 1GB and 3GB:

  • 4GB per month – As low as $15 per month
  • 10GB per month – As low as $20 per month
  • 15GB per month – As low as $25 per month

I assume the data increase will be available to both new customers and existing customers, but I haven’t confirmed. As far as I know, there will be no changes to Mint’s unlimited plan.

Ryan Reynolds, an owner of Mint, shared a video about the upcoming change:


Mint Mobile Officially Launches eSIM

In November, Mint Mobile started offering eSIMs to a small subset of its customers. Earlier this week, Mint opened its eSIM product to all customers with eSIM-compatible iPhones.

Compatible Phones

Mint eSIMs work with all recent iPhone models:

  • iPhone XR
  • iPhone XS
  • iPhone XS Max
  • iPhone 11
  • iPhone 11 Pro
  • iPhone 11 Pro Max
  • iPhone SE (second generation)
  • iPhone 12
  • iPhone 12 mini
  • iPhone 12 Pro
  • iPhone 12 Pro Max

Mint doesn’t support eSIMs for any Android phones yet. Here’s what Mint’s cofounder, Rizwan Kassim, said when asked about eSIMs for Android devices:

There are relatively few Android devices in our base that support eSIM. OS support, app support and documentation are all better starting grounds for iOS as well.

Supporting Android is on the roadmap (Mid-2021), but it’ll be specific per device model and a slower rollout.

Getting an eSIM

Here’s how Kassim explains the process for switching to an eSIM:

Physical SIM to eSIM –

First, make sure you have the most recent update of the app.

Login to the app > tap on “Account” > select “Order Replacement SIM.” You’ll be asked to provide a form of payment for your replacement SIM; but you won’t be charged anything at completion.

Select “Get an eSIM” as your option (please note that this option will only be visible on an eligible device)

Select “This is my new device” and make sure that you are using the device that you want to install eSIM on.

Tap “Checkout”

Once it’s processed, you will be prompted to install your eSIM. Please follow the steps carefully to set your eSIM.

Once it’s installed, you’re done.

Kassim suggested new customers who want an eSIM should select eSIM as a shipping method during checkout. In my testing, I didn’t see an eSIM option. I expect the issue will be resolved soon.




Mint Mobile Testing Premium “Treatmint” Support Program

A user on Reddit recently shared a glowing review of a premium support program Mint Mobile is testing. Here’s an excerpt:

Just participated in Mint Mobile’s white glove support program called Treatmint.

Totally rocks! live human support seven days a week…Best tech support I have ever received from any carrier. Totally knowledgeable about carriers, devices, LTE bands, settings.

It’s great to see Mint experimenting with potential improvements to the customer support experience. I’d love to have more carriers buck the norms of lousy support, convoluted phone trees, and long hold times.

As best as I can tell, Mint is considering using Treatmint as an add-on service or a perk on premium plans. The idea of allowing subscribers to pay for better support is interesting. There’s an argument that charging for good support is both fair and efficient. Some people rarely call customer support and try their hardest to resolve issues without help. Does it really make sense for these people to subsidize the costs of subscribers that call customer support regularly?

On the flip side, I worry that a premium support program could create perverse incentives. Carriers charging for premium support might let the quality of their regular support decline so that more people pay for premium service.


Mint Mobile’s eSIM Rollout

Mint Mobile is starting to roll out eSIM plans. Yesterday, a Reddit user posted a screenshot of a text conversation with a Mint Mobile support agent. In the discussion, the agent stated, “We will be offering eSIM soon, for iPhone X and above.”

The information the chat representative shared can’t be entirely accurate since the iPhone X doesn’t support eSIMs. I’m guessing Mint will initially support eSIMs on all iPhones released after the iPhone X.

Rizwan Kassim, a co-founder of Mint, eventually commented on the Reddit thread. Kassim confirmed that eSIM was coming and attempted to temper people’s expectations:

Before everyone goes ballistic … let the thing actually come out and I’ll share more then. =)

Whatever happens, it’ll be a phased rollout and won’t be available in all places to all people immediately. but soon thereafter.

Today, another Reddit user shared that he or she successfully ordered eSIM-based service. While the rollout of eSIM has started, Kassim’s point about the phased rollout looks accurate. My attempts to order eSIM service (or even find an eSIM option) were unsuccessful.

Mint Mobile’s Pre-Black Friday Promo

Today, Mint Mobile launched a promotion where new customers can purchase a three-month plan and get three extra months of service at no cost. The latest promotion stacks with Mint’s existing introductory offer allowing new subscribers to buy three months of service at the monthly rate normally reserved for subscribers that purchase twelve months of service upfront.


With the combined offers, Mint’s plan with 3GB of data, unlimited minutes, and unlimited texts costs only $45 for six months (or $7.50 per month). While I haven’t seen an official end date for the latest promotion, I expect it’ll run until at least Black Friday (November 27).

Pricing

Total prices for six months of service (before taxes and fees):

  • 3GB plan – $45
  • 8GB plan – $60
  • 12GB plan – $75
  • Unlimited plan – $90

Effective monthly prices for the first six months (before taxes and fees):

  • 3GB plan – $7.50
  • 8GB plan – $10
  • 12GB plan – $12.50
  • Unlimited plan – $15

The final price of Mint’s services will typically be about 10% higher after taxes and fees. You can find additional details or subscribe on Mint’s website.


Mint Mobile Pushes Back On Charging For Data Subscribers Don’t Use

In September, Mint Mobile launched an unlimited plan. The plan is a good deal with a price as low as $30 per month, but I’ve been critical of Mint using the word “unlimited” to describe a plan that actually includes 35GB of data each month.

Yesterday, one of Mint’s owners, Ryan Reynolds, shared a video about an upcoming feature on Mint’s unlimited plan. Soon, Mint will begin recommending that light and moderate data users on the unlimited plan renew to cheaper plans with smaller data allotments. Here’s how Mint explains it:

What if you don’t really need unlimited? Seriously, if you don’t, we can help you save even more money with Mint…we’re gonna be sending you monthly updates showing you exactly how much data you’re using. You can also check your data usage in the app. Then, when it’s time to renew your plan, we’ll recommend the perfect plan for you so you can save as much money as possible. And if that means you should downgrade into something that isn’t unlimited, then we’re gonna suggest you do so. BTW, the average person only uses about 6GB per month.

But wait, don’t most big wireless companies try to upsell me even if I don’t need it? Yes, they certainly do…but luckily, we’re not them. Our whole thing is to make sure you get premium wireless for less. Because if you’re only using 5, 6 or even 9 GBs a month, you shouldn’t be paying more for an unlimited plan you don’t need.

I’m glad to see Mint pushing against the industry’s trend towards unlimited plans for everyone. You can see Ryan Reynolds’s full announcement below:

Data Outage Affecting Some Mint Mobile Subscribers

A data outage has been affecting some Mint Mobile subscribers throughout the day. One of Mint’s co-founders, Rizwan Kassim, posted about the issue on Reddit:

An upstream error seems to have caused data provisioning errors for a number of subscribers.

It’s being worked, they don’t have a root cause yet, but I know this has been escalated. Down Detector showing issues on our carrier as well; not sure if it’s related or not.

I strongly think, but do not know, that this has nothing to do with the iOS 14 upgrade many of you installed today.

Based on reports I’ve read from Mint subscribers, the issue appears widespread geographically. I don’t know what proportion of Mint’s subscriber base is affected.

Kassim’s Reddit post suggests the issue may also be affecting T-Mobile. While Downdetector shows a slightly unusual level of issues associated with T-Mobile, I don’t think Downdetector’s data is consistent with a large-scale problem for T-Mobile subscribers.

I did a bit of my own digging for T-Mobile subscribers’ complaints about the network’s performance today. I didn’t run into anything out of the ordinary.