What you need to know
- Samsung suffered from a data leak last week as a side effect of an internal test.
- Customers were temporarily able to view sensitive data belonging to other customers whole logged into their own accounts.
- The firm will notify affected customers as soon as it can with more details.
Samsung has admitted to inadvertently causing a data leak last week as part of an internal test. For context, last week users of the firm's smartphones were bewildered to wake up to a notification simply reading "1".
On Twitter, Samsung UK attributed the notification to a test of sorts.
Recently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LFRecently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LF— Samsung Help UK (@SamsungHelpUK) February 20, 2020February 20, 2020
That wasn't the only issue users faced. At the same time, some other users reported that they could access the details of other users, including the last four digits of payment cards, names, and addresses when signed into their own individual accounts. As you can imagine, that's a serious data leakage for the affected users.
Speaking to The Register, a Samsung spokesperson gave the following statement:
A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.
It's not exactly clear how this is linked to the mystery "1" notification but it probably has something to do with whatever internal test triggered the notification. It's also not clear what a "small number" is. Does Samsung mean a small percentage of its users or an absolute small number? The difference between that is vital for understanding just how widespread it was.
Whether we learn more details about this leak or not depends on what information the firm eventually forwards to affected customers.
Update: No link between the two situations
Samsung confirmed to Sammobile that there was no link between the two situations other than temporal. It was a simple conincicence. The firm has also clarified the small number of customers that were affected, pinning the number as only 150. In other words, nothing too bad.
SlickWraps' website is full of vulnerabilities — and they don't seem to care
