Hackers breach Sprint accounts via Samsung website

• Hackers managed to gain unauthorized access into Sprint customer accounts using their account credentials via the Samsung.com 'add a line' website.
• The compromised information includes customers’ names, phone numbers, billing address, device types, device IDs, monthly recurring charges, subscriber IDs, account numbers, account creation dates, upgrade eligibility, and add-on services.

What is the issue?

Hackers broke into Sprint customer accounts via the Samsung.com “add a line” website. The telecommunications company sent notification letters to its customers informing them about the breach.

What happened?

On June 22, 2019, Sprint became aware of infiltration into customer accounts. The telecom company noted that hackers managed to gain unauthorized access into Sprint customer accounts using their account credentials via the Samsung.com 'add a line' website.

Sprint confirmed that no information that could cause a significant risk of identity theft was involved.

What information was compromised?

The compromised information includes customers’ names, phone numbers, billing address, device types, device IDs, monthly recurring charges, subscriber IDs, account numbers, account creation dates, upgrade eligibility, and add-on services.

What was the immediate action taken?

• Upon learning about the incident, Sprint took the necessary immediate steps to secure customer accounts.
• It secured all customer accounts on June 25, 2019, and reset all account PINs.

“Sprint re-secured your account on June 25, 2019, with the following notification to your Sprint phone device: Your account PIN may have been compromised, so we reset your PIN just in case in order to protect your account,” said Sprint in the notification letter.

What you can do to stay protected?

Sprint recommends the following security measures in order to stay protected against fraud and identity theft.

• Place a fraud alert on your credit reports, and review your credit reports.
• Close the accounts that you believe have been tampered with or opened fraudulently.
• File a report with your local police where the identity theft took place.
• Visit the Federal Trade Commission’s Identity Theft website, IdentityTheft.gov, and contact your state’s Attorney General or Consumer Protection Agency for more information on reporting and recovering from identity theft.