Samsung Confirms Hackers Compromised Customer Data Starting July 2019 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

In an email received by this reporter on the evening of November 15, Samsung Electronics (U.K.) Limited confirmed that it had “recently discovered a cybersecurity incident” affecting personal customer information. Here’s what we know so far.

What Does The Samsung Hacking Disclosure Say?

According to the email, the hack was discovered on November 13. Although there is no indication as to the specific third-party business application involved, Samsung has firmly pointed the finger of blame in the direction of a vulnerability within that unnamed app. “It was determined that an unauthorized individual exploited a vulnerability in a third-party business application we use,” the email states. Customers making purchases between July 1, 2019 and June 30, 2020 are said to be impacted.

Samsung goes on to say that personal information pertaining to some customers who had made purchases on the SEUK eCommerce site was affected. The compromised data includes, Samsung says, names, addresses, phone numbers, email and IP addresses. According to the Samsung disclosure email, the hacker didn’t access any financial data or passwords.

MORE FROM FORBESGmail And Photos Content Deletions Will Start December 1, Google Says

Third-Party Application Vulnerability At Fault, Samsung Says

There is precious little other known information at this point in time, at least as it relates to the third-party business application or the vulnerability concerned. However, Samsung says that the application’s operation was suspended upon incident discovery and a forensic review was launched. Additional technical measures, including patching the application vulnerability, have been taken.

MORE FROM FORBESSamsung Galaxy S23 Hacked By Million Dollar Zero-Day Attackers

Should All Samsung Users Be Concerned?

As already mentioned, the Samsung email refers to users of the U.K. eCommerce site, and there is no word if other servers have been impacted. You would also have needed to access that site between July 2019 and June 2020 and made a purchase. Although Samsung says there is no immediate action required by users, it does recommend the following precautions:

  • Remain cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  • Avoid clicking on links or downloading attachments from suspicious emails
  • Read the U.K. National Cyber Security Centre’s guidance on how to spot suspicious messages and protect yourself following such a cyber incident.

A Samsung spokesperson supplied the following statement: “We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained. No financial data, such as bank or credit card details, or customer passwords, were impacted. We have taken all necessary steps to resolve this security issue, including reporting the incident to the Information Commissioner’s Office and contacting affected customers.” Concerned customers can contact Samsung support by email at [email protected] with any further questions.


Click Here For The Original Story From This Source.

How can I help you?
National Cyber Security