Samsung admits to an accidental customer data leak after mysterious Find My Mobile '1' notification [Updated]

Samsung logo at CES 2019 (Image credit: Android Central)

What you need to know

Samsung suffered from a data leak last week as a side effect of an internal test.
Customers were temporarily able to view sensitive data belonging to other customers whole logged into their own accounts.
The firm will notify affected customers as soon as it can with more details.

Samsung has admitted to inadvertently causing a data leak last week as part of an internal test. For context, last week users of the firm's smartphones were bewildered to wake up to a notification simply reading "1".

On Twitter, Samsung UK attributed the notification to a test of sorts.

Recently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LFRecently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LF— Samsung Help UK (@SamsungHelpUK) February 20, 2020 February 20, 2020

That wasn't the only issue users faced. At the same time, some other users reported that they could access the details of other users, including the last four digits of payment cards, names, and addresses when signed into their own individual accounts. As you can imagine, that's a serious data leakage for the affected users.

Speaking to The Register, a Samsung spokesperson gave the following statement:

A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.

It's not exactly clear how this is linked to the mystery "1" notification but it probably has something to do with whatever internal test triggered the notification. It's also not clear what a "small number" is. Does Samsung mean a small percentage of its users or an absolute small number? The difference between that is vital for understanding just how widespread it was.

Whether we learn more details about this leak or not depends on what information the firm eventually forwards to affected customers.

Update: No link between the two situations

Samsung confirmed to Sammobile that there was no link between the two situations other than temporal. It was a simple conincicence. The firm has also clarified the small number of customers that were affected, pinning the number as only 150. In other words, nothing too bad.

SlickWraps' website is full of vulnerabilities — and they don't seem to care

6 Comments

This is why so many people hate this digital Era we live in today. You'd like to think this would have been communicated to its users sooner.
This happened last Thursday. They need time to do their research and to stop the issue before announcing it was there in the first place. Taking 5 days, if they worked during the weekend, seems reasonable. It's much better than the leaks we hear about a year later. Hope you're not using Nord VPN.
Awesome. I guess I was one of the lucky winners.
To a spokesperson, small number is anything less than infinity. IIRC, it seems those on here who reported receiving the message were faiy Samsung handset diverse and geographically dispersed.
Yup. If 1% of S10 series devices were affected, that's 160,000 people. Small comparative to the total sales figures, but not exactly small in real terms.
Welp, that's another credit monitoring service I'm gonna have under my belt once Samsung is done with this...

Show more comments