Sprint customer accounts breached by hackers

The breach happened by way of a Samsung web page.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News | Mobile | Broadband | 5G | Home tech | Streaming services | Entertainment | AI | Policy | Business | Politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert
2 min read
A Sprint store logo seen in Los Angeles, California

Sprint customer accounts were breached via a Samsung web page.

Ronen Tivony/SOPA Images/LightRocket via Getty Images

Sprint has confirmed a data breach, telling customers that hackers broke into their accounts through a Samsung website. The number of customer accounts breached isn't yet known, CNET sister site ZDNet reported Tuesday.

The hack occurred June 22, Sprint told its customers in a letter, and included details like first and last name, billing address, phone number, subscriber ID, account number, device type, device ID, monthly charges, account creation date, upgrade eligibility and any add-on services. It occurred via the Samsung "add a line" website. 

"No other information that could create a substantial risk of fraud or identity theft was acquired," Sprint said. The carrier added it has "taken appropriate action" to secure all accounts, and hasn't found any fraudulent activity resulting from the breach.

Watch this: Putting Sprint's 5G to the test on the LG V50

Sprint said it notified customers on June 25 of a PIN reset "just in case" their PIN had been compromised. In, Sprint was also breached via its Boost Mobile prepaid subsidiary -- it said hackers used Boost phone numbers and Boost.com PIN codes to gain access to Sprint accounts.

"Information such as customers' account Personal Identification Numbers (PINs) may have been compromised, however credit card and social security numbers are encrypted and were not compromised," Sprint told CNET in an emailed statement.

A Samsung spokesperson told CNET the company takes security very seriously.

"We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung," the spokesperson said in an emailed statement. "We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts."

From Apple to Samsung: 5G phones available right now

See all photos