Personal information from thousands of Sprint, AT&T, Verizon, and T-Mobile customers was accidentally left exposed — here's how to check if you were affected (S)

  • The personal data of hundreds of thousands of cell subscribers was left exposed on an unprotected server.
  • The exposure, first reported by TechCrunch, occurred after a contractor working with Sprint left subscribers' phone bills unprotected on a server hosted by Amazon Web Services.
  • Phone bills affected by the exposure included subscribers of Sprint, AT&T, Verizon, and T-Mobile.
  • Visit Business Insider's homepage for more stories. 

Hundreds of thousands of cell subscribers' personal information was accidentally left unprotected on a cloud server hosted by Amazon Web Services, according to a report from Fidus Information Security.

The data exposure includes names, addresses, phone numbers, and users' call histories, TechCrunch first reported. Some users' login information, including usernames, passwords, and PINs, were also exposed. Phone bills affected by the exposure included those from subscribers of AT&T, Verizon, and T-Mobile, which were in Sprint's possession because of a promotion in which Sprint compared its prices to users' current cell plans.

It's not clear whether hackers accessed the data while it was exposed. Sprint did not immediately respond to Business Insider's request for comment, but a Sprint spokesperson told TechCrunch that "the error has been corrected."

The server was owned by a third-party contractor working with Sprint, and was hosting phone bills of users switching from other cell providers to Sprint. That third-party contractor was marketing firm Deardorff Communications, president Jeff Deardorff confirmed to TechCrunch.

Data exposures are a fairly common security risk in the realm of cloud storage. This risk is especially heightened when data is being shared with third-party contractors, who are less likely to possess the security infrastructure and know-how to protect user data, according to cybersecurity experts.

"Cloud data storage systems are inherently dangerous ... safely leveraging cloud databases requires very specific, robust operating standards," Kelly White, CEO of cyber risk software company RiskRecon, told Business Insider. "Even if an organization chooses to not leverage certain cloud database technologies due to their inherent hazard, it is certainly the case that their third-parties do."

How to find out if you're affected

Federal rules require companies to inform customers when their personal data is affected by an exposure. However, it's unclear whether Sprint or the third party, Deardorff Communications, is assuming responsibility for that role (a Deardorff Communications spokesperson did not immediately respond to Business Insider's request for comment).

As such, if you're a Sprint customer or someone who considered switching to Sprint, the simplest way to find out if you're affected is to contact Sprint directly

If you aren't a Sprint customer and never participated in a Sprint promotion to compare your phone bill to Sprint's prices, you're most likely unaffected by the exposure.

Just to be safe, it's wise to change the password and PIN associated with your cell provider.

NOW WATCH: Apple just released iOS 13.2 with 60 new emoji and emoji variations. Here's how everyday people submit their own emoji.

See Also:

SEE ALSO: A cybersecurity expert describes the underground hacker network where stolen usernames and passwords are 'traded like Pokémon cards'

Data & News supplied by
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.