Sprint has been informing customers of a data breach discovered on June 22 that came by way of their account credentials via Samsung’s “add a line” website. The number of customers impacted has not been disclosed.
Information exposed in the breach includes phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address, and add-on services, according to Sprint’s notification. The notification also stresses information that might be used in financial fraud was not affected.
“Suggesting this breach does not put users at risk of fraud or identity theft strikes me as either ignorant or disingenuous,” counters Sam Bakken, senior product marketing manager at OneSpan. “Combining phone number, device type, and device ID, an attacker has the building blocks for an account-takeover scheme.”
And that could have significant financial ramifications, says Tim Mackey, principal security strategist at Synopsys CyRC. “If a malicious actor has access to the appropriate provider information, they can co-opt the user’s account either through the porting process or by simply obtaining a replacement SIM. These attacks are respectively known as ‘port-out scams’ and SIM-jacking,” he explains.
Once those steps are taken, he says, many two-factor authentication schemes become weapons rather than protections. “Once ported, the replacement device will receive all cellular messages, such as SMS,” Mackey says. “This can facilitate attacks where SMS is used as part of a two-factor identification strategy.”
The most important information about this breach, according to Bob Maley, chief security officer at NormShield, is it’s not the first Sprint has seen this year. “Earlier this year one of their subsidiaries, Boost Mobile, had a problem with a contractor,” Maley says. According to the notification Sprint sent customers for that breach, which occurred March 14, “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code.”
“It sounds like [Sprint’s] process for risk assessment for third parties might be lacking,” Maley says. “As a CISO I’d want to know very early on when we engage a third party the sort of risk that engagement would bring to us. Are we sharing data with them? Will they have access to our systems or network? Is the service the third party providing critical to our operation?”
Samsung would have said “yes” all three of those questions, Maley says, and so should fall under an enhanced schedule of monitoring and assessment for risk and security.
Many companies conduct risk assessment when a new third-party partner is onboarded but then fail to do regular reassessment of the risks, Maley says. “The ‘trust but verify’ model is good, but most people are just using the ‘trust’ part,” he says.
This breach is a reminder that risks should be assessed and security practices audited on a regular basis, Maley adds. In a dynamic world, he points out, security is not a one-time affair.
Related Content:
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and … View Full Bio
More Insights
Hi there, I just found your site and wanted to say that I’ve truly enjoyed browsing your blog posts. After all I’ll be subscribing to your feed and I hope you write again very soon!
I have figured out some important things through your blog post. One other subject I would like to talk about is that there are plenty of games in the marketplace designed specifically for preschool age kids. They contain pattern acceptance, colors, dogs, and designs. These generally focus on familiarization as opposed to memorization. This makes children and kids occupied without having the experience like they are studying. Thanks
Incredible! This blog looks just like my old one! It’s on a totally different subject but it has pretty much the same page layout and design. Excellent choice of colors!
Enjoy fun slots at the top casino. Claim your exclusive deposit bonus today. Have a blast playing fun slots. Sign up to Win amazing bonuses
Hello there! I know this is kind of off topic but I was wondering which blog platform are you using for this website? I’m getting fed up of WordPress because I’ve had issues with hackers and I’m looking at options for another platform. I would be fantastic if you could point me in the direction of a good platform.
I used to be very happy to search out this web-site.I wanted to thanks for your time for this wonderful learn!! I undoubtedly enjoying every little bit of it and I have you bookmarked to check out new stuff you weblog post.
I truly appreciate this post. I have been looking all over for this! Thank goodness I found it on Bing. You have made my day! Thank you again
What’s up every one, here every one is sharing these knowledge, thus itís pleasant to read this webpage, and I used to visit this webpage daily.
Quality posts is the crucial to be a focus for the people to pay a quick visit the site, thatís what this web page is providing.
Fascinating blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustements would really make my blog shine. Please let me know where you got your theme. Thanks
I have really learned some new things from a blog post. One other thing I have noticed is that in many instances, FSBO sellers can reject a person. Remember, they can prefer never to use your products and services. But if you actually maintain a stable, professional connection, offering assistance and remaining in contact for four to five weeks, you will usually have the ability to win a conversation. From there, a house listing follows. Many thanks
The other day, while I was at work, my cousin stole my iphone and tested to see if it can survive a forty foot drop, just so she can be a youtube sensation. My apple ipad is now destroyed and she has 83 views. I know this is totally off topic but I had to share it with someone!
One thing is always that one of the most common incentives for making use of your card is a cash-back or perhaps rebate supply. Generally, you’re going to get 1-5 back upon various buying. Depending on the credit cards, you may get 1 again on most buying, and 5 again on acquisitions made from convenience stores, gas stations, grocery stores as well as ‘member merchants’.
Hi there friends, how is the whole thing, and what you desire to say regarding this post, in my view its in fact amazing designed for me.
I am really glad to read this webpage posts which carries lots of useful information, thanks for providing such information.
Really when someone doesnít be aware of afterward its up to other visitors that they will help, so here it happens.
YouTube is world’s leading video sharing web site, no one can defeat it. Every one upload video clips at YouTube afterward take embed code and post everywhere.
Hello, can any body help me how to get this video tutorial from this website, I have watched and listen it at this place but want to get it.
A person essentially help to make seriously articles I would state. This is the first time I frequented your website page and thus far? I surprised with the research you made to make this particular publish extraordinary. Magnificent job!
keep up the good piece of work, I read few articles on this web site and I believe that your site is real interesting and has circles of superb information.
Cephalexin 30 Days Zithromax 400 Mg Zithromax 4 Tablets At Once cialis no prescription Amoxicillin Elixir Amoxicillin For Uti
If you are going for best contents like me, simply pay a quick visit this site daily since it offers quality contents, thanks
This is very interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your wonderful post. Also, I’ve shared your website in my social networks!
Hey there would you mind letting me know which webhost you’re using? I’ve loaded your blog in 3 different browsers and I must say this blog loads a lot quicker then most. Can you suggest a good internet hosting provider at a fair price? Many thanks, I appreciate it!
Thanks for sharing your ideas with this blog. As well, a delusion regarding the financial institutions intentions any time talking about property foreclosures is that the loan company will not have my repayments. There is a fair bit of time in which the bank will require payments every now and then. If you are also deep inside the hole, they’ll commonly call that you pay the actual payment fully. However, i am not saying that they will have any sort of payments at all. When you and the loan company can manage to work some thing out, the particular foreclosure practice may cease. However, when you continue to skip payments within the new strategy, the property foreclosures process can pick up where it was left off.
some times its a pain in the ass to read what website owners wrote but this internet site is very user genial! .
Thanks for your article. One other thing is that if you are selling your property on your own, one of the challenges you need to be mindful of upfront is when to deal with household inspection records. As a FSBO vendor, the key about successfully transferring your property in addition to saving money about real estate agent revenue is expertise. The more you understand, the softer your property sales effort will probably be. One area where by this is particularly significant is information about home inspections.
I will right away grab your rss feed as I can’t in finding your email subscription link or newsletter service. Do you’ve any? Please allow me recognize in order that I may subscribe. Thanks.
I as well as my friends happened to be checking the great ideas located on your web blog then instantly I got an awful feeling I had not thanked the site owner for those strategies. The people ended up for this reason passionate to study them and have now simply been enjoying these things. We appreciate you actually being well helpful and for figuring out some ideal issues most people are really desirous to learn about. My honest regret for not expressing appreciation to earlier.
There are also so many video uploading blogs, and these as well give facility for distribution their video tutorials, except I think YouTube is the best.
Amazing video, in fact a good quality, this YouTube video touched me a lot in terms of features.
Hey this is somewhat of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML. I’m starting a blog soon but have no coding knowledge so I wanted to get guidance from someone with experience. Any help would be enormously appreciated!
Excellent post. I was checking constantly this weblog and I am inspired! Extremely helpful info specially the ultimate section 🙂 I care for such information a lot. I was seeking this particular information for a very lengthy time. Thank you and good luck.
Sharing some thing is superior than keeping up-to our self, so the YouTube video that is posted at this juncture I am going to share by means of my family and friends.
Howdy, There’s no doubt that your site could be having web browser compatibility issues. When I take a look at your blog in Safari, it looks fine but when opening in IE, it has some overlapping issues. I merely wanted to provide you with a quick heads up! Aside from that, fantastic site!
Wow, what a video it is! Truly pleasant feature video, the lesson given in this video is in fact informative.
I reckon something really special in this site.
I think this is among the most vital information for me. And i’m glad reading your article. But should remark on some general things, The web site style is perfect, the articles is really nice : D. Good job, cheers
Just a smiling visitant here to share the love (:, btw great style.
Hi, Neat post. There’s a problem with your web site in internet explorer, would check this… IE still is the market leader and a big portion of people will miss your fantastic writing because of this problem.
Hello there! This article couldn’t be written any better! Going through this article reminds me of my previous roommate! He continually kept preaching about this. I am going to send this information to him. Pretty sure he’s going to have a great read. Thank you for sharing!
Thanks for your useful article. Other thing is that mesothelioma cancer is generally due to the inhalation of fibers from asbestos fiber, which is a dangerous material. It is commonly observed among employees in the engineering industry with long exposure to asbestos. It could be caused by living in asbestos protected buildings for long periods of time, Genetics plays a crucial role, and some folks are more vulnerable to the risk as compared with others.
I used to be able to find good advice from your blog posts.
I have mastered some new elements from your web page about pcs. Another thing I have always believed is that computers have become something that each home must have for a lot of reasons. They provide convenient ways to organize households, pay bills, go shopping, study, pay attention to music and in many cases watch television shows. An innovative technique to complete most of these tasks is with a laptop. These desktops are mobile ones, small, robust and lightweight.
Asking questions are truly good thing if you are not understanding something fully, however this piece of writing provides pleasant understanding yet.
Itís my first pay a quick visit to this web page, and I am genuinely astonished to see such a fastidious quality YouTube video posted at this point.
One more thing that I desire to share at this time is that, whatever you are using free blogging service but if you donít update your website on daily basis then itís no more worth.
My grand father constantly used to watch YouTube humorous video clips, hehehehehe, for the reason that he desires to be cheerful always.
Thanks for your write-up. One other thing is when you are disposing your property on your own, one of the problems you need to be conscious of upfront is just how to deal with house inspection reviews. As a FSBO home owner, the key to successfully shifting your property and also saving money with real estate agent profits is understanding. The more you realize, the easier your home sales effort is going to be. One area when this is particularly critical is home inspections.
very good post, i definitely adore this web site, persist with it
some genuinely interesting info , well written and loosely user pleasant.
Pictures are truly pleasant source of lessons instead of text, its my know-how, what would you say?
My partner and I absolutely love your blog and find a lot of your post’s to be what precisely I’m looking for. Would you offer guest writers to write content available for you? I wouldn’t mind composing a post or elaborating on a lot of the subjects you write regarding here. Again, awesome site!
Definitely consider that which you said. Your favorite reason seemed to be at
the net the easiest factor to take into account of.
I say to you, I definitely get annoyed while folks think about
issues that they just don’t realize about. You managed to
hit the nail upon the highest as smartly as
defined out the whole thing without having side-effects , other folks could take a signal.
Will probably be back to get more. Thanks
Hi there colleagues, pleasant post and pleasant urging commented here, I am in fact enjoying by these.
Major thanks for the blog article.Thanks Again. Great.
Hello I am from Australia, this time I am watching this cooking related video at this web page, I am actually delighted and learning more from it. Thanks for sharing.
Appreciate you sharing, great article.Thanks Again. Great.
Thanks a lot for the post. Great.
Great blog post.Much thanks again.
I am constantly looking online for ideas that can help me. Thanks!
Thank you for your blog article.Much thanks again. Keep writing.
Im thankful for the blog article.Thanks Again. Want more.
Really enjoyed this blog post.Really looking forward to read more. Great.
Very neat post. Much obliged.
Appreciate you sharing, great blog post.Really looking forward to read more. Great.
Thanks for sharing, this is a fantastic blog.Really looking forward to read more. Really Great.
wow, awesome blog.Thanks Again. Want more.
Looking forward to reading more. Great post.Much thanks again. Keep writing.
Thanks again for the blog article.Really thank you! Really Great.
Fantastic article post.Thanks Again. Really Cool.
Im grateful for the blog.Much thanks again. Really Cool.
hello there and thank you for your information –
I have certainly picked up something new from right here. I did however expertise some
technical issues using this site, since I experienced to reload the site a
lot of times previous to I could get it to load correctly.
I had been wondering if your web hosting is OK?
Not that I’m complaining, but slow loading instances times will often affect your placement in google and can damage
your quality score if ads and marketing with Adwords.
Anyway I’m adding this RSS to my email and can look out for
a lot more of your respective exciting content. Ensure that you update this again soon.
Very neat article post.Thanks Again. Awesome.
Fantastic post however , I was wanting to know if you
could write a litte more on this subject? I’d be very grateful if you
could elaborate a little bit more. Bless you!
Great, thanks for sharing this blog article. Really Cool.
Very neat article. Keep writing.
Hi, I do think this is an excellent website. I stumbledupon it 😉 I’m going to return yet again since I bookmarked it. Money and freedom is the best way to change, may you be rich and continue to guide other people.
I was wondering if you ever considered changing the structure
of your blog? Its very well written; I love what youve got
to say. But maybe you could a little more in the way of content
so people could connect with it better. Youve got an awful lot of text for only having 1 or
two pictures. Maybe you could space it out better?
This is one awesome article.Thanks Again. Awesome.
I loved as much as you will receive carried out right here.
The sketch is tasteful, your authored subject
matter stylish. nonetheless, you command get bought an nervousness over that you wish be
delivering the following. unwell unquestionably come further formerly again since exactly
the same nearly a lot often inside case you shield this
increase.
Thanks-a-mundo for the blog post.Really looking forward to read more. Fantastic.
Marvelous, what a website it is! This web site presents useful
data to us, keep it up.
Wow, this article is fastidious, my sister is analyzing such things, thus I am going to convey her.
Thanks for sharing, this is a fantastic blog post. Will read on…
Fantastic post.Really thank you! Keep writing.
Thanks-a-mundo for the blog post.Really looking forward to read more. Cool.
Major thankies for the article post. Really Cool.
I value the blog article.Much thanks again.
I cannot thank you enough for the blog.Much thanks again. Will read on…
Really enjoyed this blog.Much thanks again. Really Cool.
Very informative blog article.Really thank you! Great.
A big thank you for your blog.Much thanks again. Much obliged.
Thanks again for the blog.Thanks Again. Fantastic.
Fantastic article post.Really looking forward to read more. Great.
Great article post.Thanks Again. Keep writing.
I really enjoy the blog article. Really Cool.
Fantastic article post.Thanks Again. Keep writing.
Muchos Gracias for your post.
I loved your blog post.
This is one awesome article post.Much thanks again. Cool.
A big thank you for your post.
Thanks for the article post.Really looking forward to read more. Cool.
Major thanks for the post.Really thank you!
Im thankful for the article post.Thanks Again.
Thank you ever so for you blog. Really Cool.
Very informative post.Really thank you! Much obliged.
Excellent post. I was checking continuously this blog and I’m impressed!
Extremely helpful information specially the last part :
) I care for such info a lot. I was looking for this certain info for a very long time.
Thank you and best of luck.
This info is worth everyone’s attention. How can I find out more?
Great blog post.Really looking forward to read more.
Enjoyed every bit of your article.Much thanks again. Great.
I appreciate you sharing this blog article.Thanks Again. Cool.
Thanks a lot for the blog post.Much thanks again. Cool.