Sprint security lapse gave access to customer data

Add Sprint to the list of US carriers whose security shortfalls put customer data at risk. TechCrunch has confirmed that the provider was using two sets of easily-guessed logins that let a security researcher access a company portal with access to customer data, including for Boost Mobile and Virgin Mobile. There were issues within the portal, too. The researcher wou ld only have needed an account holder's phone number and a four-digit PIN to access their data, change plans or swap devices, and there was no limit on the number of PIN guesses.

In a statement, Sprint confirmed that the expert used "legitimate credentials" to get in. It promptly changed the passwords and vowed to "research this issue" in a bid to avoid a repeat.

This isn't as grave as the incidents that affected AT&T and T-Mobile, since this required finding and logging into a largely unknown portal. With that said, it points to a seemingly consistent problem with security at American networks. It wouldn't have taken much to hijack phone numbers and sign into accounts that require two-factor authentication, putting social accounts and other sensitive info within easy reach.

Source: TechCrunch



via Engadget RSS Feed https://ift.tt/2MKdel5
RSS Feed

If New feed item from http://www.engadget.com/rss-full.xml, then send me

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon