Sprint Says Hackers Breached Customer Accounts Via Samsung Website

sprint-pairs-curiosity-iot-with-5g-to-po-5c3bce3e60b2a3de4f273ca9-1-jan-14-2019-2-30-54-poster.jpgCBS Interactive/CNET

US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com “add a line” website.

“On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” Sprint said in a letter it is sending impacted customers.

“The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services,” the US telco said.

Sprint said the information hackers had access to did not pose “a substantial risk of fraud or identity theft,” although, many might disagree with its assessment.

The company said it re-secured all compromised accounts by resetting PIN codes, three days later, on June 25.

Unknown number of compromised accounts

The Sprint account breach notification lacks a few important details, such as the number of breached accounts, the date when hackers first started accessing Sprint accounts via the Samsung.com website, and if hackers modified any customer account details.

ZDNet reached out to Sprint with all these questions, along with an inquiry of how Sprint discovered the breach in the first place. A spokesperson did not respond in time for this article’s publication.

This is the second account breach notification letter Sprint is sending this year. The company also suffered another breach via Boost Mobile, a virtual mobile network and Sprint subsidiary.

In May, Sprint said hackers used Boost phone numbers and Boost.com PIN codes to access users’ Sprint accounts.

More data breach coverage:

READ MORE HERE