[BreachExchange] Sprint customers say a glitch exposed other people's account information

Destry Winant destry at riskbasedsecurity.com
Thu Mar 21 10:39:11 EDT 2019


https://techcrunch.com/2019/03/18/sprint-account-leak/

Several Sprint  customers have said they are seeing other customers’
personal information in their online accounts.

One reader emailed TechCrunch with several screenshots describing the
issue, warning that they could see other Sprint customers’ names and
phone numbers. The reader said they informed the phone giant of the
issue, and a Sprint representative said they had “several calls
pertaining to the same issue.”

In all, the reader saw 22 numbers in a two-hour period, they said.

Several other customers complained of the same data exposing bug. It’s
unclear how widespread the issue is or for how long the account
information leak persisted.

Kylie B-C at notthatkylie
Logged in to pay my @sprint bill, saw what looked like the details of
another user. Did this 3 times. I called, rep said they’d been getting
other similar calls. Advice on clarifying if this is the privacy
breach it looks like? @EFF @publiccitizen @NCLC4consumers @eyywa
2
9:38 AM - Mar 14, 2019


Thelma Cheeks at Tcheeksiamhair
@sprint are you having a known issue with your website?! I’m trying to
set permissions on my account and some other damil’s information is on
my account!
2
8:02 PM - Mar 18, 2019


Madeline Finch at themadfinch
If you are a @sprint customer please be aware that there has been a
data breach. I have logged on to my account twice and both times have
seen other customers’ devices. A phone call with @sprintcare resulted
in them hanging up on me.
3
7:30 PM - Mar 18, 2019

Another customer told TechCrunch how the Sprint account pages were
initially throwing errors. The customer said they scrolled down their
account page and saw several numbers that were not theirs. “I was able
to click each one individually and see every phone call they made, the
text messages they used, and the standard info, including caller ID
name they have set,” the customer told TechCrunch.

Of the customers we’ve spoken to, some are pre-paid and others are contract.

Sprint spokesperson Lisa Belot confirmed the bug in an email Tuesday.

“Last night, a technical issue with Sprint.com allowed a limited
number of customers to view some information associated with other
Sprint accounts,” she said. “The issue was immediately flagged and our
internal teams worked to correct the problem.”


More information about the BreachExchange mailing list