U.S. telecommunications company Sprint Corp. has been hacked with an unknown number of accounts compromised, but in a twist, the company is blaming Samsung Electronics Co. Ltd. for the data breach.
Affected customers were informed of the hack via emailÂ today, weeks afterÂ the hack was detected June 22. Data stolen in the hack included phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services.
Passwords and other data that Sprint describes as creating â€œa substantial risk of fraud or identity theftâ€ were not stolen.
Sprint added that it had â€œtaken appropriate actionâ€ to secure all accounts and is yet to detect any fraudulent activity relating to the hack. Affected customers have been forced to reset their Sprint PINs as a precaution.
The hack is alleged to have come via the Samsung â€œadd a lineâ€ website. Samsung does sell phones directly from its website in the U.S. whereby customers can subscribe to Sprint, but how Sprint customer data was compromised by Samsung is not entirely clear.
AÂ spokesperson for Samsung told CNETÂ that it had â€œrecently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung,â€ and that it had â€œdeployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.â€
â€œSprintâ€™s breach could not come at a worse time for the company, Jonathan Bensen, chief information security officer at cybersecurity platformÂ Balbix Inc.Â told SiliconANGLE. Thatâ€™s because it recently announced a $26.5 billion merger agreement with T-Mobile in an attempt to take on wireless leaders Verizon and AT&T in a bigger way.
â€œIf the two enterprises do merge, it is critical that the pair implement security solutions that scan and monitor all T-Mobile and Sprint-owned and managed assets as well as all third-party systems to detect vulnerabilities that could be exploited,â€ Bensen said. â€œProactively identifying and addressing vulnerabilities that would put them at risk, such as the Samsung.com threat that lead to this breach, is the only way to stay ahead of future breaches and avoid litigation, fines under data privacy laws, retain brand image, increase the organizationsâ€™ market share and beyond.â€
Anurag Kahol,Â chief technology officer at cloud security access brokerÂ Bitglass Inc., noted thatÂ the breachÂ leaves Sprint customers vulnerable to identity theft and fraudulent activity.
â€œWhen armed with payment card information and personally identifiable information, malicious parties can engage in highly targeted phishing attacks, make fraudulent purchases, sell said data on the dark web for a quick profit, and much more,â€ Kahol said. â€œWhile Sprint has resecured all compromised accounts by resetting PIN codes, it is still unknown when hackers first gained access to the customer accounts, and what damage may already be done.â€
Since youâ€™re here â€¦
â€¦ Weâ€™d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.â€™s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we donâ€™t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary onÂ SiliconANGLEÂ â€” along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams atÂ theCUBEÂ â€” take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here,Â please take a moment to check out a sample of the video content supported by our sponsors,Â tweet your support, and keep coming back toÂ SiliconANGLE.