Hackers Gained Access to Sprint Customer Accounts via Samsung Site


As reported on Tuesday, July 16, Sprint has confirmed that a data breach took place through Samsung’s website, in which hackers were able to access customers’ accounts. There is no detail on how many accounts were breached.

The data breach took place on June 22nd. Sprint notified consumers that information such as first and last names, billing addresses, phone numbers, account numbers and more was compromised. According to a statement provided through its website, Sprint stated that the information collected by hackers does not allow for fraud or identity theft to occur. After the breach, Sprint had “taken appropriate action” to secure customer accounts and keep a similar incident from happening again. The carrier also noted that fraudulent activity has yet to be detected.

On June 25th, Sprint reset its customers’ Personal Identification Numbers (PINs) in case hackers had breached consumer accounts through their PINs. Hackers could likely have gained access to account PINs via a Boost Mobile breach that occurred back in March (Boost Mobile uses Sprint’s network).

Sprint’s spokesperson emailed CNET stating that “credit card and social security numbers are encrypted and were not compromised” when the data breach happened. Another spokesperson, from Samsung, stated that fraudulent activity was detected in which hackers used Sprint account information on Samsung’s main website. The spokesperson continued: “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”

British Airways Announces Data Breach of Consumer Credit Card Information


On Thursday, September 6th, British Airways announced they were the latest target of a data breach involving compromised credit card data of around 380,000 consumers.

In a statement, the airline clarified that passport information was not affected by the breach. Financial details were said to be stolen between August 21 and September 5 from both the British Airways website and mobile application.

Due to negligence in data protection, British Airways may face a 4% fine, as GDPR data protection laws base such penalties on the global annual income of businesses that make such errors.

According to a security firm, hackers used skimming malware to gain access to consumer payment information. RiskIQ researcher Yonathan Klijnsma explains that it took only 22 lines of code injected into the airline’s mobile and web platform for the breach to occur. Such online-skimming tactics aren’t new: Ticketmaster UK was hit by a similar breach back in June, caused by the same hacker operatives, known as “Magecart”.

As explained in his research:

“Magecart injects scripts designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers used by these sites.”

Hackers specifically customized their code to avoid detection. Once consumers entered their credit card information and hit “submit”, the data was “extracted…and sent to the attacker’s server,” Klijnsma reports. Consumer names, email addresses and billing addresses were also collected.

“Magecart is [still] an active threat…[and has] been active since 2015…” he says. Hackers using this technique of information theft “have continually refined their tactics…to maximize [their] return…”
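One defensive check against the script injection described above, as an added example (not code from RiskIQ's research or from British Airways): it compares the scripts a payment page loads against hashes pinned at release, flagging changed first-party files and scripts from hosts outside an allowlist. The hosts, paths, script bodies and the `audit` function are constructed for illustration.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri(body: bytes) -> str:
    """Subresource Integrity value (sha384) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Records the src of each external <script> and counts inline ones."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)
            else:
                self.inline += 1

def audit(page_url, page_html, served, baseline, allowed_hosts):
    """Compare the scripts a payment page loads now against a release baseline.
    served: {url: bytes} as fetched now; baseline: {url: sri} pinned at release."""
    collector = ScriptCollector()
    collector.feed(page_html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolve relative src values
        if urlparse(url).hostname not in allowed_hosts:
            findings.append(("unexpected-host", url))
        elif url not in baseline:
            findings.append(("unpinned-script", url))
        elif sri(served.get(url, b"")) != baseline[url]:
            findings.append(("content-changed", url))
    if collector.inline:
        findings.append(("inline-script", str(collector.inline)))
    return findings

# Constructed sample data: hosts, paths and script bodies are hypothetical.
PAGE_URL = "https://shop.example/checkout"
RELEASED = b"function validate(f){return f.checkValidity();}\n"
BASELINE = {"https://shop.example/js/lib.js": sri(RELEASED)}
PAGE = ('<form id="pay"></form><script src="/js/lib.js"></script>'
        '<script src="https://cdn.supplier.example/widget.js"></script>')
SERVED = {"https://shop.example/js/lib.js": RELEASED + b"/* lines appended after release */\n"}

if __name__ == "__main__":
    for kind, detail in audit(PAGE_URL, PAGE, SERVED, BASELINE, {"shop.example"}):
        print(kind, detail)
```

Run on a schedule against the live checkout page, a check like this surfaces a few appended lines in an otherwise familiar script, which is the kind of change a small injection produces.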

Consumers of the airline have been urged to get a new card after the breach was reported.

To avoid further incidents such as this, companies must always take precautionary security measures to ensure consumer data is safe, especially when sensitive information is involved.