It seems Sprint’s security team has been going through a lousy 2019. On top of the sooner Boost Mobile breach, the carrier has now revealed that hackers recently obtained unauthorized access to an unspecified number of Sprint accounts through Samsung’s website.
The provider said that the information didn’t pose a substantial risk for fraud or identity theft and did not embody credit card or social security numbers, but there’s still a valid reason for concern. Intruders may have seen names, billing addresses, phone numbers, device IDs and account numbers, among other sensitive details.
The network found out about the breach on June 22nd, and immediately reset PIN codes for all the affected accounts on June 25th. In a statement, Samsung said the attempts were using Sprint login details that “were not obtained from Samsung.” The phone maker also rolled out additional “measures” to reduce the chance of future breaches.
A Samsung spokesperson said the company takes security very seriously. “We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,” the spokesperson said in an emailed statement. “We deployed measures to prevent additional attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”
According to reports, it is unknown how many accounts were affected, how long the information was exposed, and what the nature of the vulnerability was that allowed hackers to access the information through a third-party company’s website, especially one as large and (hopefully) equipped to handle threats like these as Samsung.
Sprint has been asked about more information like when it believes the breach happened, the amount of affected users and whether or not there’s evidence the account data was changed or used. The access through Samsung’s portal suggests the scale was limited (it’s not the same as attacking Sprint directly). Regardless, it’s unlike to what the network wanted to report, especially not with its T-Mobile merger already hanging in the balance.