Security News > 2020 > January > Sprint Exposed Customer Support Site to Web

Sprint Exposed Customer Support Site to Web
2020-01-29 19:02

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.

KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called "Social Care" was being indexed by search engines, and that several months worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.

"These conversations include minimal customer information and are used for frontline reps to escalate issues to managers," said Lisa Belot, Sprint's communications manager.

A review of the exposed support forum by this author suggests that while none of the posts exposed customer information such as payment card data, a number of them did include customer account information, such customer names, device identifiers and in some cases location information.

The misstep by Sprint comes just days after Microsoft acknowledged that a database containing "a subset of information related to customer support interactions was accessible to the internet between the dates of Dec. 5 and Dec. 31, 2019." Microsoft said it was alerting individuals whose information was exposed, which included location information, email and IP addresses, telephone numbers and descriptions of technical issues.


News URL

https://krebsonsecurity.com/2020/01/sprint-exposed-customer-support-site-to-web/