Sprint informs customers today of a serious security breach where subscriber data, such as billing addresses, phone numbers and other detailed account information, is visible, according to ZDNet. The violation is a result of scamability, the details of which are currently unknown, in a Samsung website that promotes a "add rule" feature for active Sprint account holders.
Sprint explained the break in a letter to consumers that it was obtained by ZDNet. In the letter, Sprint says it was informed of "unauthorized access" at the end of June:
On June 22, Sprint was informed of unauthorized access to your Sprint account using your account information via the Samsung "add a line" website. We take this issue, and all matters concerning the privacy of the Sprint customer, very seriously.
What information was involved?
Your personal information that may have been viewed includes the following: phone number, device type, device ID, monthly recurring costs, subscriber ID, account number, date the account was created, upgrade suitability, first and last name, billing address and add on services. No other information has been obtained that could pose a significant risk of fraud or identity theft.
Sprint says it resets pin codes on compromised accounts to secure them within three days. But the company is currently omitting some crucial details. We do not know how many accounts were affected, how long the information was exposed and what the nature of the vulnerability was that allowed hackers to access the information through a third party website, especially one that was so large and (hopefully) equipped to to handle threats such as this like Samsung.
The edge has approached Sprint for additional comments.