New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Sprint Suffers Breach Through Samsung Website

For the second time this year, Sprint has suffered an account breach. Back in May, Sprint fell victim to a breach through Boost Mobile. This time it came from Samsung.com “add a line” website. Unauthorized account access occurred on June 22nd by hackers using Sprint account credentials on the site. Information that was possibly included were phone numbers, device types, device ID, monthly recurring charges, subscriber ID, account numbers, account creation dates, upgrade eligibility, first and last name, billing address, and add-on services. Sprint claims that the information obtained would pose “a substantial risk of fraud or identity theft,” but this could prove to be untrue. They also claim the accounts were re-secured through PIN code resets on June 25th.  The problem is that Sprint left out key details when notifying the public of the breach. The number of breached accounts, the date when hackers first started accessing Sprint accounts via the Samsung.com website, and if hackers modified any customer account details were not included in the notification. Sprint was confronted with these questions, along with how they initially discovered the breach, but they have not answered by the time of this writing.

Analyst Notes

Since full details on the breach have not been released yet, it is hard to gauge the effect it could have on the customers. Until more details come out, users should monitor their account for any activity that may seem unusual and report it to Sprint.