Samsung Confirms Mysterious ‘1’ Notifications Triggered A Customer Data Breach
A few days ago, some Samsung device owners reported receiving a mysterious "1/1" push notification on their smartphones, from the company's Find my Mobile app. Initially, Samsung explained it as a "message sent unintentionally during internet test[ing]" and said there was "no effect" on user's devices. However, Samsung now admits the notification compromised personal data belonging to a "small number" of users.
The notification itself was rather benign, and the result of a "technical error." That should have been the end of it. Unfortunately, some users discovered that when they went into their Samsung accounts to change their passwords (erring on the side of caution), they could see other people's personal details, including names, addresses, and phone numbers.
In a statement provided to The Register, Samsung confirmed this had in fact occurred.
"A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed," Samsung said in a statement.
According to Samsung, the data breach affected less than 150 people, so it was rather contained (as far as security breaches go). Samsung is in the process of contacting affected customers directly to alert them of the situation.
An interesting side note to all this is that the Find my Mobile application is a preinstalled app on Samsung smartphones. There's no easy way to uninstall it. In addition, some users report receiving the 1/1 notification even though they had the app disabled. It is a bit disturbing that an app forced onto users could result in a data breach.