Last week, hundreds of Samsung Galaxy device users reported receiving a strange notification from the Find My Device app that contained only the number 1. In this regard, Samsung stated that this was a bug that affected a small number of users, noting that it was due to a failure during a series of tests.
Although the company mentioned that the data of the affected users were not compromised, soon after a new version of the incident emerged, this would be confirmed by Samsung today morning. According to the company, this notification compromised the data of “a small number of users of Galaxy devices”.
Indeed, the sending of this notification was due to a technical error, so it would not have had greater consequences if it were not for some users trying to reset their login credentials, thinking of a possible computer security incident. Upon logging into their accounts, users discovered that it was possible to access the personal information of other Galaxy users, including names, addresses, and phones, among other data.
Through a statement, Samsung acknowledged the exposure of information: “A technical error led to the exposure of information from a small number of users. This data was exposed only to other users of Samsung devices. The failure on the login page was corrected as soon as the incident was detected,” the company says.
Samsung claims the incident affected fewer than 200 people and has already been fully contained. Potentially affected users have already been notified.
It should be remembered that Find my Mobile is an app pre-installed on Samsung smartphones, so users who wish to uninstall it must have a certain level of knowledge. In addition, the signature is able to send notifications of this app even if it is disabled, so users could still be exposed to some similar flaw.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.