Cyber Incident Victim: T-Mobile US
Date:
Jun 2019
Location:
United States of America
Summary
Hackers breached an unknown number of Sprint customer accounts by exploiting the Samsung.com "add a line" website, gaining unauthorized access using compromised credentials. The exposed personal information included names, billing addresses, phone numbers, account numbers, device details, and service plan specifics, though the company asserted this did not pose substantial fraud or identity theft risks. The incident marked the second breach affecting the company that year, following a separate intrusion via its Boost Mobile subsidiary where attackers similarly leveraged phone numbers and PINs to access accounts. All compromised accounts were secured through PIN resets three days after discovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Sprint, a US mobile network operator, suffered a cyber incident where hackers breached customer accounts via the Samsung.com "add a line" website. The incident involved unauthorized access to sensitive information, including phone numbers, device types, and billing addresses. The attackers were able to gain access to customer accounts using the account credentials, which were compromised through the Samsung website.
The incident was first reported to Sprint on June 22, and the company subsequently took steps to re-secure the compromised accounts by resetting PIN codes. The re-securing of accounts was completed on June 25, three days after the incident was reported. Despite the swift action taken by Sprint, the incident highlights the risks associated with the interconnectedness of online systems and the potential vulnerabilities that can arise when multiple companies share customer data.
The breach of customer accounts via the Samsung website is a concerning development, as it suggests that the attackers were able to exploit vulnerabilities in the website's security measures. The fact that the attackers were able to access sensitive information, including phone numbers and billing addresses, raises concerns about the potential for identity theft and other malicious activities. However, Sprint has stated that the incident did not pose a substantial risk of fraud or identity theft.
The incident also highlights the importance of robust security measures and the need for companies to prioritize the protection of customer data. The fact that the attackers were able to gain access to customer accounts using compromised account credentials suggests that there may have been weaknesses in the security measures in place to protect customer data. Furthermore, the incident raises questions about the level of oversight and monitoring that Sprint had in place to detect and respond to potential security threats.
The number of affected accounts remains unknown, and Sprint has not provided any information on the scope of the incident. The company has, however, notified impacted customers and has taken steps to re-secure the compromised accounts. The incident serves as a reminder of the ongoing threat of cyber attacks and the need for companies to remain vigilant in protecting customer data.
The incident also raises questions about the role of third-party vendors and the potential risks associated with sharing customer data. The fact that the attackers were able to gain access to customer accounts via the Samsung website suggests that there may have been vulnerabilities in the security measures in place to protect customer data. Furthermore, the incident highlights the need for companies to carefully evaluate the security measures of third-party vendors and to ensure that they are taking adequate steps to protect customer data.
Sprint's response to the incident has been swift, with the company taking steps to re-secure the compromised accounts and notify impacted customers. However, the incident serves as a reminder of the ongoing threat of cyber attacks and the need for companies to prioritize the protection of customer data. The incident also highlights the importance of robust security measures and the need for companies to remain vigilant in protecting customer data.
The incident has also raised concerns about the potential for similar attacks in the future. The fact that the attackers were able to gain access to customer accounts via the Samsung website suggests that there may be vulnerabilities in the security measures in place to protect customer data. Furthermore, the incident highlights the need for companies to carefully evaluate the security measures of third-party vendors and to ensure that they are taking adequate steps to protect customer data.
Overall, the cyber incident at Sprint highlights the ongoing threat of cyber attacks and the need for companies to prioritize the protection of customer data. The incident serves as a reminder of the importance of robust security measures and the need for companies to remain vigilant in protecting customer data.