A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts.
The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited one customer saying, “I was able to click each one individually and see every phone call they made, the text messages they used, and the standard info, including caller ID name they have set.”
Oscar Tovar, vulnerability verification specialist at White Hat Security, said the glitch appeared “to be the result of a software bug that was not discovered before the release deployment.”
The exposure “serves as a reminder that security encompasses all stages of the software development life cycle, including testing,” said Tovar, noting that in Sprint’s case, “the application did not sufficiently enforce user account access controls, which in turn, led to the disclosure of some user account information.”