Latest in Gear

Image credit: Jeenah Moon/Bloomberg via Getty Images

Sprint security lapse gave access to customer data

It would have been easy to hijack cellphone numbers.
386 Shares
Share
Tweet
Share

Sponsored Links

Jeenah Moon/Bloomberg via Getty Images

Add Sprint to the list of US carriers whose security shortfalls put customer data at risk. TechCrunch has confirmed that the provider was using two sets of easily-guessed logins that let a security researcher access a company portal with access to customer data, including for Boost Mobile and Virgin Mobile. There were issues within the portal, too. The researcher would only have needed an account holder's phone number and a four-digit PIN to access their data, change plans or swap devices, and there was no limit on the number of PIN guesses.

In a statement, Sprint confirmed that the expert used "legitimate credentials" to get in. It promptly changed the passwords and vowed to "research this issue" in a bid to avoid a repeat.

This isn't as grave as the incidents that affected AT&T and T-Mobile, since this required finding and logging into a largely unknown portal. With that said, it points to a seemingly consistent problem with security at American networks. It wouldn't have taken much to hijack phone numbers and sign into accounts that require two-factor authentication, putting social accounts and other sensitive info within easy reach.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
386 Shares
Share
Tweet
Share

Popular on Engadget

The Morning After: Nike's accessible AJI

The Morning After: Nike's accessible AJI

View
HTC's Exodus 1s can run a full Bitcoin node for under $250

HTC's Exodus 1s can run a full Bitcoin node for under $250

View
Kik Messenger will keep running under a different owner

Kik Messenger will keep running under a different owner

View
Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

Netflix's 'Cowboy Bebop' production pauses after John Cho is injured on-set

View
Nike puts an accessibility twist on its iconic Air Jordan 1

Nike puts an accessibility twist on its iconic Air Jordan 1

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr