After the gigantic flaw exploited by the group of hackers Lapsus$ in March, the new event proved to be of the same magnitude. Samsung has formalized it itself, but the facts date back to the end of July. Samsung would have become aware of the problem on August 4th.
Among the personal data recovered, the malicious could have recovered the names, dates of birth, contact details of customers and information on their device. In a blog post, Samsung limits the damage to US customers, for now.
“The relevant information for each affected customer may vary. Samsung has detected the incident and has taken steps to secure the affected systems. We have engaged a leading external cybersecurity firm and are coordinating with law enforcement”says Samsung.
How does Samsung know that only US customers are affected? To understand it, you have to look in detail at the flaw in question. On its online FAQ, we learn that a third party has integrated Samsung US systems.
Samsung tips
As usual, it is more prudent to redouble your attention to your mailbox and your SMS. Phishing attacks are very prevalent next to cyberattacks. In France, the problem currently affects the FranceConnect system. But other security flaws on other services such as social networks have already increased the risk of phishing.
“Based on our ongoing investigation, no immediate action is required for any of the Samsung platforms”, can we read in the FAQ of Samsung. Thus, it would not be useful to change its passwords even if the company advises its customers to remain attentive to any suspicious activity on the accounts…
In France, on its devices for professionals and businesses, Samsung has been working since last September with the startup Pradeo, born in Montpellier. A major global partnership to thwart intrusion attempts “during audio communications, internet browsing, or by SMS or instant messaging”and warn of a “excessive collection of data (address books, geolocation, etc.) by mobile applications”.