In this digital age, we rely on the internet for a lot of things. From doing our shopping to staying in touch with friends and family and everything in between. That is a lot of our personal data on the web.
There have been countless movements to help draw attention to online security by urging users to observe safe online practices and behaviors. This is all good until one of the big players drops the ball on security.
A recent report by Krebs on security reveals that American Telecom company, Sprint recently had an incident where a section of its private internal communication channel was accessible without need for authentication. As a result, details on these webpages containing personal customer details were indexed by search engines and accessible on the web.
Speaking on this issue, a Sprint spokesperson responded confirming that the forum was indeed intended to be a private section of its support community, but that an error caused the section to become public.
The internal customer support forum called “Social Care” was being indexed by search engines, and several months’ worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser. Below is a reducted example of leaked customer information.
“These conversations include minimal customer information and are used for frontline reps to escalate issues to managers,”
said Lisa Belot, Sprint’s communications manager.
Minimal or not, this is still confidential customer info and it should not be readily accessible on the web. In recent times, scammers have been going above and beyond in their craft. Such information can easily be used to target any number of users.
A recent report points out that hackers have turned their efforts into phishing workers at major U.S. telecommunications companies. This is in a bid to gain access to internal company tools. These scammers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers.
This is all scary stuff, especially bearing in mind that these people are often more trained than the average user. If these people can be targetted, the public needs to be a lot more vigilant.
For the average user, it pays to be more judicious about the types of personal information we voluntarily share on social media and other Websites. And now, it might be wise to also consider the kind of information you give out to your service providers as even they drop the ball sometimes.
Most notable, recently, Microsoft also had an incident where customer support data was leaked.
PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.