A Sprint contractor by mistake left thousands of cell phone bills on an unprotected cloud server

Tajammul Pangarkar
Tajammul Pangarkar

Updated · Dec 6, 2019

SHARE:

News.Market.us is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.
close
Advertiser Disclosure

At Market.us News, we strive to bring you the most accurate and up-to-date information by utilizing a variety of resources, including paid and free sources, primary research, and phone interviews. Our data is available to the public free of charge, and we encourage you to use it to inform your personal or business decisions. If you choose to republish our data on your own website, we simply ask that you provide a proper citation or link back to the respective page on Market.us News. We appreciate your support and look forward to continuing to provide valuable insights for our audience.

Sprint is a cell giant company that provides wireless services and is an internet service provider.  A contractor working for Sprint stored hundreds of thousands of Verizon, AT&T, and T-Mobile cell phone bills on an unprotected cloud server. There were more than 261,300 documents in the processing bin. The majority of which were mobile phone bills dating back to 2015. But the storage bucket, presented on the Amazon Web Services (AWS), wasn’t password-protected and also allowed anybody to access the inside data. According to the Sprint brand documents found on the server, these bills-containing names, addresses, and phone numbers, and many included call logs-were collected as part of the offer to enable mobile subscribers to switch to Sprint. These documents explain how the cell giant pays subscribers’ early termination fees to disrupt their current cell service contracts, a sales strategy commonly used by cell providers.

In some circumstances, sensitive documents were found, including a bank statement and a screenshot of a web page that had usernames, account PINs, and passwords of subscribers. These data could allow access to a customer’s account. Fidus Information Security, a UK-based penetration testing firm, noticed the exposed data as it was not cleared immediately. The firm reported to Amazon regarding security lapse, which was further informed to customers. Also, the storage bucket was closed.

After a brief review of the cache, it was noticed that a document that simply said, “TEST” was run through the metadata checker. It revealed the person’s name who created the document. The person is an account executive of a marketing agency, Deardorff Communications, responsible for Sprint promotions. When reached, Deardorff Communications president, Mr. Jeff Deardorff confirmed that his company owned the bucket. Earlier on Wednesday, access for the bucket was restricted. He said in an email to TechCrunch (owned by Verizon) that he has conducted an investigation internally to determine the root cause of this problem. Also, the agency is updating its procedures and policies to avoid similar mistakes further.

SHARE:
Tajammul Pangarkar

Tajammul Pangarkar

Tajammul Pangarkar is a tech blogger that frequently contributes to numerous industry-specific magazines and forums. Tajammul longstanding experience in the fields of mobile technology and industry research is often reflected in his insightful body of work. His interest lies in understanding tech trends, dissecting mobile applications, and in raising a general awareness of technical know-how. When he’s not ruminating about various happenings in the tech world, he can be usually found indulging in his next favorite interest - table tennis.