As originally reported by ZDNet, Sprint informed its customers that a major security breach took place on June 22. Hackers used an as-yet-undefined vulnerability on a promotional Samsung website to obtain Sprint customer information. Sprint has yet to disclose how many accounts were implicated or how long the information was accessible, so it’s unclear just how big of a breach this was. What we do know is that the leaked information included “phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address and add-on services,” according to a message Sprint sent to some users in response to the breach.
Later in the letter, Sprint assured customers that “no other information that could create a substantial risk of fraud or identity theft was acquired,” but you’ll have to excuse us for not sharing Sprint’s confidence. Saying that nothing of “substantial risk” was leaked is all well and good, but there’s plenty of information included in the leak that could be leveraged by hackers to take over your device and account.
Sprint took the liberty of changing the PINs for accounts that may have been compromised, but we like to err on the side of caution around here. This is the perfect excuse to take a few moments and update your Sprint account’s password and/or PIN even if you haven’t received notice from Sprint that your info was leaked. You can do this in the account settings after signing in to Sprint’s website. If you need help coming up with a new password, check our guide here.