Sprint has informed its subscribers about a security breach which has resulted in private information such as phone numbers, billing addresses, and more being compromised. This was due to a vulnerability present in a Samsung website, according to Sprint, which advertised an “add a line” feature for active Sprint subscribers.
The carrier has sent a letter to affected customers, saying that it was informed of unauthorized access to their accounts on June 22nd. The account credentials were apparently used through a Samsung website.
“The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services,” it said in the letter. Sprint says that the information which was leaked doesn’t post a “substantial risk of fraud or identity theft.”
It adds that all compromised accounts have been re-secured by resetting PIN codes three days later. What it hasn’t said is just how many accounts were compromised as a result of this vulnerability. Sprint is yet to provide additional details about this entire episode while Samsung is yet to comment on the matter as well.