Search

Sprint customer accounts were breached by hackers using Samsung's website



What you need to know

Sprint has said that hackers managed to break into its customer accounts through Samsung's 'add a line' website.The carrier claims to have taken 'appropriate action' to secure the accounts of affected customers.Sprint hasn't revealed exactly how many customer accounts were compromised by the breach.

Many Sprint customers recently learned that their accounts were compromised through the Samsung website.

Just four months after a data breach that compromised user accounts of some Boost Mobile customers, Sprint has now admitted that hackers managed to gain unauthorized access to some of its customer accounts via Samsung's 'add a line' website on June 22. However, Sprint is yet to reveal the number of customers affected by the breach.

According to a letter that the carrier has sent to affected customers, personal information that may have been viewed by hackers include the customers' first and last name, phone number, device type, device ID, subscriber ID, account number, monthly recurring charges, account creation date, upgrade eligibility, billing address and add-on services.

ZDNet reports that Sprint sent a letter to affected customers informing them of the breach. The letter, shared by ZDNet, states that on June 22, the company learned about “unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website.”

The letter informed users that the hackers may have seen customers’ “phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services.”

Sprint confirmed the breach to Gizmodo, and said credit card and social security numbers were not compromised as they are encrypted. Samsung told us that its team, “recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung.” The company said that “no Samsung user account information was accessed as part of these attempts.”

The letter told customers they aren’t at “substantial risk” of becoming a victim of identity theft or fraud, but, as ZDNet points out, that statement might not be accurate.

Sprint’s letter to customers states that it reset their PIN codes on June 25 to re-secure their accounts.

Not long ago, Boost Mobile customers had a data breach that compromised user accounts and now Sprint has confirmed that hackers have managed to gain unauthorized access to few of its customer accounts via Samsung’s “add a line” website on 22nd of June. As of now Sprint has not mentioned or revealed the number of customers that got affected by the breach.

The Carrier has sent a letter to its affected customers saying that personal information that might have been viewed by hackers that include the customer’s first and last name, device type, subscriber ID, account number, device ID, phone number, upgrade eligibility, billing, and add-on services, monthly recurring charges, account creation date and upgrade eligibility.

“Because Sprint takes this matter, and all matters involving our customers’ privacy, very seriously, in addition to the initial customer notification, Sprint is taking the extra step of separately sending letters to impacted customers to remind them to update their existing PINs and that a dedicated Care Team has been established for assistance,” Sprint told Gizmodo, in a statement.

The company did not answer Gizmodo’s questions about how many accounts were affected and when the accounts were first breached.

Sprint customer information was also compromised earlier this year. Sprint-owned Boost Mobile told customers in May that a hacker breached accounts using Boost’s website PIN numbers and Boost phone numbers.

Sprint also mentioned that the hackers were not able to get any other kind of information other than the mentioned once which could pose a risk of fraud or identity theft. Furthermore, Sprint has told CNET that credit card and social security number of its customers are encrypted and were not compromised during the breach. It has also said that it has taken appropriate action to secure the accounts of its customers from unauthorized access.

Sprint has re-secured the affected customer’s accounts three days after the breach on 25th of June by resetting the account PIN. On the other hands, Samsung has accepted that fraudulent attempts were made to access Sprint user account information via its website and it also clarifies that Sprint login credentials used to gain unauthorized access were not obtained from its website. It also said that it was not any Samsung user account information accessed as part of the hacking attempts. It has already taken measures to prevent such fraudulent attempts again.

Samsung, on the other hand, has admitted that fraudulent attempts were made to access Sprint user account information via its website. However, the company clarified that Sprint login credentials used to gain unauthorized access were not obtained from its website and nor was any Samsung user account information accessed as part of the hacking attempts. It has already deployed measures to prevent any such fraudulent attempts in the future.


For more depth analysis visit SOURCE : 1 2 3


An Ethical hacker should know the penalties of unauthorized hacking into a system. Read more at: Legality and Ethics



*********************************************************************************************************************


For more tricks and update over hacking stay tuned to our site: Note 4 Tech