Security

It was totally Samsung's fault that crims stole your personal info from a Samsung site, says Samsung-blaming Sprint

Just in case we've not made ourselves clear, Samsung screwed you over, adds Sprint

10 Got Tips?

Sprint has told some of its subscribers that a piss-poor Samsung website exposed their personal details to the internet.

The North American mobile carrier is right now sending out letters (PDF) to unlucky customers whose account and device details were leaked onto the web thanks to, apparently, dodgy Samsung coding and miscreants.

"On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com 'add a line' website," Sprint wrote in its missive to aggrieved subscribers.

"The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services."

Here's what happened: fraudsters somehow obtained and used some Sprint customers' account information to log into the Samsung add-a-line website and, from there, gathered additional personal details on Sprint accounts. Add-a-line is or was, from what we can tell, a means to add additional services to your phone's postpaid monthly voice plan.

PIN pointed

The disclosure notice did not specify whether those Sprint customer details were used for any further shenanigans, but Sprint did say it was resetting customer PINs in at least some cases. The carrier did not say how many of its customers were affected.

"No other information that could create a substantial risk of fraud or identity theft was acquired," Sprint added.

Samsung, for its part, admits its site was the source of the leak, but said the credentials used by the attackers were gathered elsewhere.

"Samsung takes security very seriously. We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung," a Sammy spokesperson told El Reg.

"We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”

While Sprint did not say it would be offering any identity protection services, the carrier is advising customers to keep a close eye on their accounts and consider placing a credit fraud alert and notifying authorities if any suspicious activity is found. ®

Sign up to our NewsletterGet IT in your inbox daily

10 Comments

Keep Reading

FCC sucks its teeth, clicks its tongue, says: Yeah, AT&T, Sprint, T-Mobile US, Verizon gleefully sold your location data. Guess we should fine them?

How much you make, Randy? Wanna cough up, I dunno, twice that or something?

Paying Arizona: Google sued by state for location data revenues after tracking state's citizens via mobiles

Chocolate Factory insists its practices have been mischaracterized

Your mobile network broke the law by selling location data and may be fined millions... or maybe not, shrugs FCC

US watchdog struggles to do its job over illegal sale of folks' whereabouts

Congress to FCC: Where’s the damn report on mobile companies selling location data?

Energy and Commerce Committee Democrats not happy with Ajit Pai

Apple-Google COVID-19 virus contact-tracing API to bar location-tracking access

Renamed 'ExposureNotification' will only only one app per nation

Stop us if you've heard this one: Aussies probe Google over misleading location stalking claims

The case certainly rings a bell back in Europe

Yahoo! Japan! shares! user! location! data! with! government! to! track! coronavirus! clusters!

As LINE named nation's preferred telemedicine tool

Consumer orgs ask world's competition watchdogs: Are you really going to let Google walk off with all Fitbit's data?

Updated It's like the Chocolate Factory isn't dominant enough already

What was that P word? Ah. Privacy. Yes, we'll think about privacy, says FCC mulling cellphone location data overhaul

Analysis Commissioners still doing their best to ignore bounty hunter stalking scandal

America's Team Telecom urges FCC to do something about that 120Tbps fiber line between US, Hong Kong

Google, Facebook cable link to China problematic, says oversight body

Tech Resources

The Cloud: How CISOs Can Embrace It (Wisely), Not Fear It

Cloud computing is one of the great transformational shifts in corporate information technology.

Navigating the CTI Noise

We all want better threat intelligence, but it’s not easy to build a CTI program and deliver it considering all the moving parts, people, processes, and technology. Sure you need to gather the data, but how do you separate intel and priorities from the noise? How do you turn this into actionable information that improves the security of your business?

Unlocking the Cloud-Native Data Layer

Being able to exceed customer expectations is essential to a successful business.

An Executive's Guide to Integrating SecOps and NetOps

Read this white paper for the five key value drivers of an integrated SOC and NOC, as well as clear strategies to help you move forward.