Sprint’s security team is having a very, very lousy 2019. On top of the earlier Boost Mobile breach, the carrier has revealed that hackers obtained “unauthorized access” to an unspecified number of Sprint accounts through Samsung’s “add a line” website. The provider said that the data didn’t pose a “substantial risk” for fraud or identity theft and didn’t include credit card or social security numbers, but there’s still good reason for concern. Intruders may have seen names, billing addresses, phone numbers, device IDs and account numbers, among other sensitive details.
The network found out about the breach on June 22nd, and reset PIN codes for all the affected accounts on June 25th. Samsung said the attempts were using Sprint login details that “were not obtained from Samsung.” The phone maker also rolled out additional “measures” to reduce the chance of future breaches.
We’ve asked Sprint for more info, including when it believes the breach took place, the number of affected users and whether or not there’s evidence the account data was changed or used. The access through Samsung’s portal suggests the scale was limited (it’s not the same as attacking Sprint directly). Regardless, it’s really not what the network likely wanted to report — especially not with its T-Mobile merger already hanging in the balance.