Samsung’s technical snafu from last week may have just been the start of it. The company has now confirmed that it also leaked customer data following an internal test wherein some users of its smartphones received notifications reading “1.” It's not clear if the two events are related.
The strangeness continues — Samsung chalked up the notification from its Find My Mobile app as an unintentional mistake that did not have any other effect on devices. But around the same time some users reported that logging into their Samsung accounts presented them with sensitive data on other customers, such as names and addresses.
Samsung provided the following statement to The Register regarding the new issue:
"A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details."
Last week's notification seemed to reach users across a range of Samsung smartphones including the Galaxy Note, S, and J lines. Input staffers received the notification on Galaxy Z Flip and Note 10 devices. Samsung has not offered an idea of just how many users were impacted by that bug or this new one beyond saying it was a "small number."
Potential implications of leaked data — At the very least, it doesn't seem like any of the leaked data was super sensitive: at most, customers could view the last four digits of another customer's credit card and their address. Combining that information could, however, allow someone with nefarious intentions to steal an identity. Hacks involving social engineering have become more prevalent over time, with bad actors using small pieces of personal information to convince customer service reps to modify and hand over the user accounts of unsuspecting victims. So any leak like this is unacceptable, even though most users will probably be fine.
Hopefully Samsung will offer more clarity on the extent of the leak or else we'll have to rely on public reports from customers to get a better idea of how serious this was.