Go to listing page

A bug in Sprint website exposes other people’s account information

A bug in Sprint website exposes other people’s account information
  • The exposed information included customers’names, phone numbers as well as calls made to other users.
  • The internal teams are working on correcting the problem.

A bug has allowed several Sprint customers to see personal information of other customers from their online accounts. It is not clear as for how long the account information leak persisted.

What’s the matter - According to TechCrunch, several customers complained that they could see other Sprint customers’ personal details while visiting their accounts. The information visible included customers’names, phone numbers as well as calls made to other users.

“I was able to click each one individually and see every phone call they made, the text messages they used, and the standard info, including caller ID name they have set,” a customer told TechCrunch.

Where does the flaw exist: Oscar, Tovar, vulnerability verification specialist at WhiteHat Security, noted that the data leak is due to a software bug that was not discovered before the release of deployment, SC Magazine reported.

The exposure “serves as a reminder that security encompasses all stages of the software development life cycle, including testing,” said Tovar, noting that in Sprint’s case, “the application did not sufficiently enforce user account access controls, which in turn, led to the disclosure of some user account information.”

Containing the issue - Sprint spokesperson Lisa Belot has confirmed the issue. “Last night, a technical issue with Sprint.com allowed a limited number of customers to view some information associated with other Sprint accounts,” she told TechCrunch.

Upon discovery, the firm immediately took the matter into consideration. The internal teams are working on correcting the problem.

Cyware Publisher

Publisher

Cyware