Hacker Breached Sprint Customer Accounts Through Samsung Website

Jennings Brown

PublishedJuly 16, 2019

Comments (6)

We may earn a commission from links on this page.

Image for article titled Hacker Breached Sprint Customer Accounts Through Samsung Website — Photo: Getty

Many Sprint customers recently learned that their accounts were compromised through the Samsung website.

Watch

Rob Savage on Collaborating with YellowJackets’ Sophie Thatcher

view video

Rob Savage on Collaborating with Yellowjackets’ Sophie Thatcher

Coastal Animals Are Thriving on Plastic Pollution Out in the Pacific Ocean | Extreme Earth

Monday 5:37PM

Boogeyman Star Sophie Thatcher Wrote Howl's Moving Castle Fan Fiction | io9 Interview

Monday 9:44AM

ZDNet reports that Sprint sent a letter to affected customers informing them of the breach. The letter, shared by ZDNet, states that on June 22, the company learned about “unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website.”

The letter informed users that the hackers may have seen customers’ “phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services.”

Sprint confirmed the breach to Gizmodo, and said credit card and social security numbers were not compromised as they are encrypted. Samsung told us that its team, “recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung.” The company said that “no Samsung user account information was accessed as part of these attempts.”

The letter told customers they aren’t at “substantial risk” of becoming a victim of identity theft or fraud, but, as ZDNet points out, that statement might not be accurate.

Sprint’s letter to customers states that it reset their PIN codes on June 25 to re-secure their accounts.

“Because Sprint takes this matter, and all matters involving our customers’ privacy, very seriously, in addition to the initial customer notification, Sprint is taking the extra step of separately sending letters to impacted customers to remind them to update their existing PINs and that a dedicated Care Team has been established for assistance,” Sprint told Gizmodo, in a statement.

The company did not answer Gizmodo’s questions about how many accounts were affected and when the accounts were first breached.

Sprint customer information was also compromised earlier this year. Sprint-owned Boost Mobile told customers in May that a hacker breached accounts using Boost’s website PIN numbers and Boost phone numbers.