Following a mysterious "Find my Mobile" push notification this morning, questions are swirling around Samsung after customers found other users's login details being shown to them while trying to change their passwords.
In the early hours of this morning, a very large number of Samsung devices around the world received a push notification from the vendor's Find my Mobile app. That notification simply read "1/1".
Why did my Samsung give me a Find My Mobile notification that just said 1 1? pic.twitter.com/BqSEFwkuA1— :3 (@SketchShiba) February 20, 2020
A handful of Reg staffers also received the notification, which caused surprise and concern at Vulture Central – not least because Find my Mobile is disabled on two of those devices.
A pre-installed default Samsung OEM app regarded by some as bloatware, Find my Mobile cannot be fully uninstalled if you don't plan to format the entire phone with a new third-party ROM – which is a profoundly technical process, and, with modern Samsung devices, requires the user to unlock the bootloader. The next best thing a user can do is sign into their Samsung account to "disable" the app's features.
Over on Twitter, Samsung UK asserted that this morning's push notification was a "message sent unintentionally during internal test".
Hi Holly. Recently, a notification about “Find My Mobile 1” occurred on limited number of Galaxy devices. This notification was confirmed as a message sent unintentionally during internal test and there is no effect on your device. 1/2 ^JS— Samsung Help UK (@SamsungHelpUK) February 20, 2020
Ominously, some Register readers who received the unwanted notification immediately assumed the worst and went into their accounts to change their Samsung passwords only to be confronted by other people's personal data on the Samsung UK website.
One told us that after seeing other people's names, addresses and phone numbers displayed in his Samsung Account after logging in using his own details, he phoned the Samsung helpdesk. Our reader said: "When I explained to [the call centre worker] what I saw, he said, 'Yes, we've had a few reports of that this morning'."
Mark showed us screenshots he had taken, showing himself logged in and someone else's details being displayed as if they were associated with his account.
On checking https://accounts.samsung.com as advised by the call centre, Mark found all was well. He added that the call centre bod had told him this was a "local issue", presumably affecting the UK alone.
We have asked Samsung to comment and if the Korean firm replies, we'll update this article. We have also asked the Information Commissioner's Office whether Samsung UK has reported a data leak.
If you too have noticed Samsung weirdness this morning, click the author's name at the top of this article to send him an email about it. He promises not to bite. ®