Samsung admits to data breach unconnected to mysterious Find My Mobile 1 push notification
Last week, Samsung customers around the world were confused by the appearance of a mysterious push notification which simply read "1". The company revealed that the Find My Mobile notifications had been sent out by mistake as part of a test, but there was something even more worrying.
In addition to the random notification, some users reported that they were able to access personal data of other users, including names, addresses and partial payment card details. Samsung has now admitted to the data breach and says it will be contacting those affected.
- Samsung announces the Galaxy S20, S20+ and Galaxy S20 Ultra
- Samsung reveals Galaxy Z Flip in surprise Oscars 2020 ad
- Samsung T7 Touch is a USB 3.2 Gen 2 SSD with integrated fingerprint reader
The initial push notification that greeted Samsung users around the world was explained away as simply having been "sent unintentionally during an internal test".
Responding to queries on Twitter, Samsung apologized to customers who had received the confusing message on their phones:
Recently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LF
— Samsung Help UK (@SamsungHelpUK) February 20, 2020
But it is only now that the company has spoken out about the availability of other user's personal data. In a statement given to the Register, a spokesperson said:
A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.
Samsung says, however, that the data breach is unconnected to the push notification issue. The company told Sammobile that the two incidents are unrelated, and points out that customers' ability to see other users' data was because of a technical error limited to its UK website.