Hacker Breached Sprint Customer Accounts Through Samsung Website

Illustration for article titled Hacker Breached Sprint Customer Accounts Through Samsung Website
Photo: Getty

Many Sprint customers recently learned that their accounts were compromised through the Samsung website.


ZDNet reports that Sprint sent a letter to affected customers informing them of the breach. The letter, shared by ZDNet, states that on June 22, the company learned about “unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website.”

The letter informed users that the hackers may have seen customers’ “phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services.”

Sprint confirmed the breach to Gizmodo, and said credit card and social security numbers were not compromised as they are encrypted. Samsung told us that its team, “recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung.” The company said that “no Samsung user account information was accessed as part of these attempts.”

The letter told customers they aren’t at “substantial risk” of becoming a victim of identity theft or fraud, but, as ZDNet points out, that statement might not be accurate.

Sprint’s letter to customers states that it reset their PIN codes on June 25 to re-secure their accounts.

“Because Sprint takes this matter, and all matters involving our customers’ privacy, very seriously, in addition to the initial customer notification, Sprint is taking the extra step of separately sending letters to impacted customers to remind them to update their existing PINs and that a dedicated Care Team has been established for assistance,” Sprint told Gizmodo, in a statement.


The company did not answer Gizmodo’s questions about how many accounts were affected and when the accounts were first breached.

Sprint customer information was also compromised earlier this year. Sprint-owned Boost Mobile told customers in May that a hacker breached accounts using Boost’s website PIN numbers and Boost phone numbers.


Former senior reporter at Gizmodo



Here’s how we get companies to beef up security... Take whatever is leaked in a data breach, and make that same data that belongs to the board and officers public.

If customers aren't at "substantial risk" from this breach then the CEO should be just fine releasing his phone number, device type, device ID, account number, billing address, etc...