You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Breaches and Incidents
- A bug in Sprint website exposes other people’s account information

A bug in Sprint website exposes other people’s account information
A bug in Sprint website exposes other people’s account information- March 20, 2019
- |
- Breaches and Incidents
/https://cystory-images.s3.amazonaws.com/sprint-logo.jpg)
- The exposed information included customers’names, phone numbers as well as calls made to other users.
- The internal teams are working on correcting the problem.
A bug has allowed several Sprint customers to see personal information of other customers from their online accounts. It is not clear as for how long the account information leak persisted.
What’s the matter - According to TechCrunch, several customers complained that they could see other Sprint customers’ personal details while visiting their accounts. The information visible included customers’names, phone numbers as well as calls made to other users.
“I was able to click each one individually and see every phone call they made, the text messages they used, and the standard info, including caller ID name they have set,” a customer told TechCrunch.
Where does the flaw exist: Oscar, Tovar, vulnerability verification specialist at WhiteHat Security, noted that the data leak is due to a software bug that was not discovered before the release of deployment, SC Magazine reported.
The exposure “serves as a reminder that security encompasses all stages of the software development life cycle, including testing,” said Tovar, noting that in Sprint’s case, “the application did not sufficiently enforce user account access controls, which in turn, led to the disclosure of some user account information.”
Containing the issue - Sprint spokesperson Lisa Belot has confirmed the issue. “Last night, a technical issue with Sprint.com allowed a limited number of customers to view some information associated with other Sprint accounts,” she told TechCrunch.
Upon discovery, the firm immediately took the matter into consideration. The internal teams are working on correcting the problem.
Get such articles in your inbox
News
-
Previous News Natural Health Services suffered a data breach compromising medical cannabis users’ personal information
- March 20, 2019
- |
- Breaches and Incidents
-
Next News A new variant of Cardinal RAT employs BMP trick to target Israeli financial firms
- March 20, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
-
CenturyLink Customer Data Exposed
- October 19, 2019
- |
- Breaches and Incidents
Categories
Get such articles in your inbox
News
-
Previous News Natural Health Services suffered a data breach compromising medical cannabis users’ personal information
- March 20, 2019
- |
- Breaches and Incidents
-
Next News A new variant of Cardinal RAT employs BMP trick to target Israeli financial firms
- March 20, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
-
CenturyLink Customer Data Exposed
- October 19, 2019
- |
- Breaches and Incidents
Categories
