US mobile network operator Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com "add a line" website.
"On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com 'add a line' website," Sprint said in a letter it is sending impacted customers.
"The personal information of yours that may have been viewed includes the following: phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services," the US telco said.
Sprint said the information hackers had access to did not pose "a substantial risk of fraud or identity theft," although, many might disagree with its assessment.
The company said it re-secured all compromised accounts by resetting PIN codes, three days later, on June 25.
Unknown number of compromised accounts
The Sprint account breach notification lacks a few important details, such as the number of breached accounts, the date when hackers first started accessing Sprint accounts via the Samsung.com website, and if hackers modified any customer account details.
ZDNet reached out to Sprint with all these questions, along with an inquiry of how Sprint discovered the breach in the first place. A spokesperson did not respond in time for this article's publication.
This is the second account breach notification letter Sprint is sending this year. The company also suffered another breach via Boost Mobile, a virtual mobile network and Sprint subsidiary.
In May, Sprint said hackers used Boost phone numbers and Boost.com PIN codes to access users' Sprint accounts.
More data breach coverage:
- Marriott faces $123 million GDPR fine in the UK for last year's data breach
- Hacker steals data of millions of Bulgarians, emails it to local media
- Canonical GitHub account hacked, Ubuntu source code safe
- Bitpoint cryptocurrency exchange hacked for $32 million
- Hackers breached Greece's top-level domain registrar
- Pale Moon says hackers added malware to older browser versions
- A hacker assault left mobile carriers open to network shutdown CNET
- 90% of data breaches in US occur in New York and California TechRepublic