Sprint has informed its customers via e-mail that a security breach has exposed their personal information like billing address, phone numbers and other account data.
This vulnerability was taken advantage of by hackers via the Samsung “add a line” website. Sprint said that no credit card or social security number information has been stolen, so the risk for fraud or identity theft is limited.
Sprint was first made aware of the breach on June 22nd but only reset the PIN codes of the accounts that were affected on June 25th.
The company did not say how many accounts were affected through or for how long the information had been exposed and what the vulnerability in question actually was – after all, we’re talking about Samsung, one of the most well-known companies in the world who should, in theory, be more than prepared to handle these sort of issues.
“We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,” a Samsung spokesperson told CNET. “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”
This is not the first time Sprint admits to a security breach though: earlier this year, the company informed its customers that Boost Mobile, which it owns, had suffered a breach that allowed hackers to gain access to some user accounts.
Boost Mobile notified California’s attorney general of the situation back then, an action that can only undertaken if more than 500 people in the state are affected by an incident that threatens the security of their data.
Then, just as is the case now, Boost did not detail how exactly the hacker gained access to the customer data and what vulnerability in the company’s system allowed them to do so.