BreachExchange mailing list archives
Sprint customers say a glitch exposed other people's account information
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 21 Mar 2019 09:39:11 -0500
https://techcrunch.com/2019/03/18/sprint-account-leak/ Several Sprint customers have said they are seeing other customers’ personal information in their online accounts. One reader emailed TechCrunch with several screenshots describing the issue, warning that they could see other Sprint customers’ names and phone numbers. The reader said they informed the phone giant of the issue, and a Sprint representative said they had “several calls pertaining to the same issue.” In all, the reader saw 22 numbers in a two-hour period, they said. Several other customers complained of the same data exposing bug. It’s unclear how widespread the issue is or for how long the account information leak persisted. Kylie B-C@notthatkylie Logged in to pay my @sprint bill, saw what looked like the details of another user. Did this 3 times. I called, rep said they’d been getting other similar calls. Advice on clarifying if this is the privacy breach it looks like? @EFF @publiccitizen @NCLC4consumers @eyywa 2 9:38 AM - Mar 14, 2019 Thelma Cheeks@Tcheeksiamhair @sprint are you having a known issue with your website?! I’m trying to set permissions on my account and some other damil’s information is on my account! 2 8:02 PM - Mar 18, 2019 Madeline Finch@themadfinch If you are a @sprint customer please be aware that there has been a data breach. I have logged on to my account twice and both times have seen other customers’ devices. A phone call with @sprintcare resulted in them hanging up on me. 3 7:30 PM - Mar 18, 2019 Another customer told TechCrunch how the Sprint account pages were initially throwing errors. The customer said they scrolled down their account page and saw several numbers that were not theirs. “I was able to click each one individually and see every phone call they made, the text messages they used, and the standard info, including caller ID name they have set,” the customer told TechCrunch. Of the customers we’ve spoken to, some are pre-paid and others are contract. Sprint spokesperson Lisa Belot confirmed the bug in an email Tuesday. “Last night, a technical issue with Sprint.com allowed a limited number of customers to view some information associated with other Sprint accounts,” she said. “The issue was immediately flagged and our internal teams worked to correct the problem.” _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Sprint customers say a glitch exposed other people's account information Destry Winant (Mar 21)