The network found out about the breach on June 22nd, and reset PIN codes for all the affected accounts on June 25th. In a statement to CNET, Samsung said the attempts were using Sprint login details that “were not obtained from Samsung.” The phone maker also rolled out additional “measures” to reduce the chance of future breaches.
We’ve asked Sprint for more info, including when it believes the breach took place, the number of affected users and whether or not there’s evidence the account data was changed or used. The access through Samsung’s portal suggests the scale was limited (it’s not the same as attacking Sprint directly). Regardless, it’s really not what the network likely wanted to report — especially not with its T-Mobile merger already hanging in the balance.