American company Sprint, dedicated to the operation of mobile networks, claims that an unidentified hacker group compromised an as yet undefined number of customers’ accounts by exploiting a function on the Samsung company website, information security services specialists reported.
Through a statement, the company reported that “last June 22, we were notified of an unauthorized access to multiple Sprint accounts exploiting users’ login credentials via the “Add a line” option, present on Samsung’s website. This same message was sent to all users of the company via email.
Based on information obtained after the company’s first inquiries, the personal information compromised during the incident includes users’ full names, billing addresses, telephone numbers, device types, serial numbers and other sensitive data.
According to information security services experts, the information compromised during the incident is not sufficient to pose a potential risk of fraud or other illicit activities, although it remains to be seen whether hackers discover a method to take advantage of such incident. As a security measure, the company decided to perform a PIN code reset for all affected accounts during this incident.
Although the company almost immediately published its report on the incident, experts mention that some relevant details were not mentioned, such as the exact number of compromised accounts, the exact date of the start of the cyberattack, as well as the activities hackers performed once they managed to access customers’ accounts.
When questioned about these relevant details that have not been mentioned in the company’s security alerts, Sprint only mentioned that a spokesperson would begin to provide further details about the incident.
Unfortunately, this is not the first time Sprint has become the victim of a group of malicious hackers. Last May, Sprint reported that a hacker group gained access to Boost devices phone numbers and PIN codes through the company’s website. Although there is still multiple investigations to be carried out, information security services specialists at the International Institute of Cyber Security (IICS) have raised the possibility of some link between these two incidents; in other words, that both attacks have been perpetrated by the same malicious hackers.