Skip to main content

Sprint is the latest carrier to suffer from a security lapse potentially exposing customer data

Following security vulnerabilities affecting AT&T and T-Mobile a few days ago, TechCrunch reports this weekend that Sprint is also facing a security loophole. According to the report, Sprint used “two sets of easy-to-guess usernames and passwords” for access to a company portal that housed customer data…

TechCrunch says that a security researcher was able to successfully gain access to an internal Sprint staff portal using “two sets of weak, easy-to guess usernames and passwords.” The portal log-in page did not use two-factor authentication, with the security researcher saying they were able to access pages that “could have” allowed access to customer account data.

Using two sets of weak, easy-to-guess usernames and passwords, a security researcher accessed an internal Sprint staff portal. Because the portal’s log-in page didn’t use two-factor authentication, the researcher — who did not want to be named — navigated to pages that could have allowed access customer account data.

On the employee portal were tools for things such as device swaps, cell plan management, activation status, and more. In addition to Sprint customers, the data of Boost Mobile and Virgin Mobile – which are Sprint subsidiaries – was also accessible.

When alerted about the security lapse, Sprint said it did not believe customer information could have been obtained, though it added that customer security is a top priority and the issue had been resolved:

“After looking into this, we do not believe customer information can be obtained without successful authentication to the site,” said a Sprint spokesperson.

“Based on the information and screenshots provided, legitimate credentials were utilized to access the site. Regardless, the security of our customers is a top priority, and our team is working diligently to research this issue and immediately changed the passwords associated with these accounts,” the spokesperson said.

News of Sprint’s apparent lapse in security comes just a few days after security flaws affecting T-Mobile and AT&T were also exposed. You can read more on those loopholes in our original coverage right here.


Subscribe to 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com