[BreachExchange] Hacker Breached Sprint Customer Accounts Through Samsung Website
Destry Winant
destry at riskbasedsecurity.com
Wed Jul 17 08:32:17 EDT 2019
https://gizmodo.com/hacker-breached-sprint-customer-accounts-through-samsun-1836426687
Many Sprint customers recently learned that their accounts were
compromised through the Samsung website.
ZDNet reports that Sprint sent a letter to affected customers
informing them of the breach. The letter, shared by ZDNet, states that
on June 22, the company learned about “unauthorized access to your
Sprint account using your account credentials via the Samsung.com ‘add
a line’ website.”
The letter informed users that the hackers may have seen customers’
“phone number, device type, device ID, monthly recurring charges,
subscriber ID, account number, account creation date, upgrade
eligibility, first and last name, billing address and add-on
services.”
Sprint confirmed the breach to Gizmodo, and said credit card and
social security numbers were not compromised as they are encrypted.
Samsung told us that its team, “recently detected fraudulent attempts
to access Sprint user account information via Samsung.com, using
Sprint login credentials that were not obtained from Samsung.” The
company said that “no Samsung user account information was accessed as
part of these attempts.”
The letter told customers they aren’t at “substantial risk” of
becoming a victim of identity theft or fraud, but, as ZDNet points
out, that statement might not be accurate.
Sprint’s letter to customers states that it reset their PIN codes on
June 25 to re-secure their accounts.
“Because Sprint takes this matter, and all matters involving our
customers’ privacy, very seriously, in addition to the initial
customer notification, Sprint is taking the extra step of separately
sending letters to impacted customers to remind them to update their
existing PINs and that a dedicated Care Team has been established for
assistance,” Sprint told Gizmodo, in a statement.
The company did not answer Gizmodo’s questions about how many accounts
were affected and when the accounts were first breached.
Sprint customer information was also compromised earlier this year.
Sprint-owned Boost Mobile told customers in May that a hacker breached
accounts using Boost.com PIN numbers and Boost phone numbers.
More information about the BreachExchange
mailing list