+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Personal information from thousands of Sprint, AT&T, Verizon, and T-Mobile customers was accidentally left exposed - here's how to check if you were affected

Dec 5, 2019, 21:35 IST
ReutersA man walks past a Sprint store in New York City.
  • The personal data of hundreds of thousands of cell subscribers was left exposed on an unprotected server.
  • The exposure, first reported by TechCrunch, occurred after a contractor working with Sprint left subscribers' phone bills unprotected on a server hosted by Amazon Web Services.
  • Phone bills affected by the exposure included subscribers of Sprint, AT&T, Verizon, and T-Mobile.
  • Visit Business Insider's homepage for more stories.

Hundreds of thousands of cell subscribers' personal information was accidentally left unprotected on a cloud server hosted by Amazon Web Services, according to a report from Fidus Information Security.

The data exposure includes names, addresses, phone numbers, and users' call histories, TechCrunch first reported. Some users' login information, including usernames, passwords, and PINs, were also exposed. Phone bills affected by the exposure included those from subscribers of AT&T, Verizon, and T-Mobile, which were in Sprint's possession because of a promotion in which Sprint compared its prices to users' current cell plans.

It's not clear whether hackers accessed the data while it was exposed. Sprint did not immediately respond to Business Insider's request for comment, but a Sprint spokesperson told TechCrunch that "the error has been corrected."

Advertisement

The server was owned by a third-party contractor working with Sprint, and was hosting phone bills of users switching from other cell providers to Sprint. That third-party contractor was marketing firm Deardorff Communications, president Jeff Deardorff confirmed to TechCrunch.

Data exposures are a fairly common security risk in the realm of cloud storage. This risk is especially heightened when data is being shared with third-party contractors, who are less likely to possess the security infrastructure and know-how to protect user data, according to cybersecurity experts.

"Cloud data storage systems are inherently dangerous ... safely leveraging cloud databases requires very specific, robust operating standards," Kelly White, CEO of cyber risk software company RiskRecon, told Business Insider. "Even if an organization chooses to not leverage certain cloud database technologies due to their inherent hazard, it is certainly the case that their third-parties do."

How to find out if you're affected

Federal rules require companies to inform customers when their personal data is affected by an exposure. However, it's unclear whether Sprint or the third party, Deardorff Communications, is assuming responsibility for that role (a Deardorff Communications spokesperson did not immediately respond to Business Insider's request for comment).

As such, if you're a Sprint customer or someone who considered switching to Sprint, the simplest way to find out if you're affected is to contact Sprint directly.

Advertisement

If you aren't a Sprint customer and never participated in a Sprint promotion to compare your phone bill to Sprint's prices, you're most likely unaffected by the exposure.

Just to be safe, it's wise to change the password and PIN associated with your cell provider.

NOW WATCH: I tried cooking an entire Thanksgiving dinner using Google Home Hub and found there are 2 major flaws with it

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article