For the second time this year, Sprint has suffered an account breach. Back in May, Sprint fell victim to a breach through Boost Mobile. This time it came from Samsung.com “add a line” website. Unauthorized account access occurred on June 22nd by hackers using Sprint account credentials on the site. Information that was possibly included were phone numbers, device types, device ID, monthly recurring charges, subscriber ID, account numbers, account creation dates, upgrade eligibility, first and last name, billing address, and add-on services. Sprint claims that the information obtained would pose “a substantial risk of fraud or identity theft,” but this could prove to be untrue. They also claim the accounts were re-secured through PIN code resets on June 25th. The problem is that Sprint left out key details when notifying the public of the breach. The number of breached accounts, the date when hackers first started accessing Sprint accounts via the Samsung.com website, and if hackers modified any customer account details were not included in the notification. Sprint was confronted with these questions, along with how they initially discovered the breach, but they have not answered by the time of this writing.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is