Hackers breach Sprint's customer accounts via Samsung website

According to US mobile network operator Sprint, hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website.

* The company said it re-secured all compromised accounts by resetting PIN codes, three days later, on June 25.

* The Sprint account breach notification lacks a few important details, such as the number of breached accounts, the date when hackers first started accessing Sprint accounts via the Samsung.com website, and if hackers modified any customer account details.

* This is the second account breach notification letter Sprint is sending this year. The company also suffered another breach via Boost Mobile, a virtual mobile network and Sprint subsidiary.

Saryu Nayyar, CEO of Gurucul, commented: "While details of this breach are scant, the reality is that a volume of accounts were compromised via a third party site. The spike in activity of "add a line" transactions or visits to the "add a line" website should have triggered alarm. That type of activity is both anomalous and risky. It should have set off alarms to be investigated by the Sprint security team. Once again, defending breaches after-the-fact is ineffective.

"When attackers manage to hijack legitimate access rights, they can remain undetected for extended periods of time. Many organisations don’t have the ability to identify subtle behavioral anomalies that are indicators of cyber threats. But, with advanced machine learning algorithms, it’s possible to spot behaviors that are outside the range of normal activities and intervene before the damage is done."

Javvad Malik, security awareness advocate at KnowBe4 added: "The Sprint breach highlights, once again, the importance of third-party assurance and how access given to third parties needs to be carefully considered, secured and monitored. When security is built in at an early stage, the architecture can be designed in a more secure manner so that external, or even internal departments which don't need access to functions cannot make any unauthorised changes.

"It's unfortunate that Sprint didn't provide more details around the number of accounts breached and whether attackers had modified any account details. It could be possible that Sprint is still collating the information, but transparency and clarity of impact is vitally important for companies in the aftermath of an incident. Delays to sharing information can undermine customer confidence."