From PC Mag: A total of 261,300 documents containing the personal information of AT&T, Sprint, T-Mobile, and Verizon subscribers from as far back as 2015 have been made publicly available by a Sprint contractor.
As TechCrunch reports, the leak consists mainly of phone bills, which include the name, address, phone numbers, and call histories of customers across the four major networks. However, some of the documents are bank statements alongside screen grabs of usernames, passwords, and PIN numbers.
The leak was discovered by penetration testing company Fidus Information Security and has been tracked back to Sprint contractor and marketing agency Deardorff Communications. It looks to be accidental and is down to a lack of security surrounding the storage of the data.
Sprint collected the documents as part of an offer to US consumers allowing them to switch to Sprint without having to pay any early termination fees. Sprint would pay them for you. The leak occurred because the contractor decided to store the documents in an Amazon Web Services (AWS) storage "bucket," but didn't bother to use a password, therefore leaving them publicly available to anyone who cared to look.
View: Article @ Source Site
