BoingBoing reader Steve Parkinson has discovered a customer data security hole in the automated phone care system for Sprint Wireless.
Here's how it works. You dial a certain toll-free Sprint customer service line (doesn't matter what number you're dialing from), then punch in the cellphone number of a Sprint Wireless subscriber (not necessarily yours). The Sprint voice-bot reads back to you the full name and street address of the accountholder associated with that number. Could be you, could be someone else.
Steve discovered that under certain circumstances, at a later stage in the call process, this service will also read back to you the names of other residents at that same address.
Oh, that's just brilliant. The more I learn about information security in the US, the more I fear for the human race.