Last week’s random “Find My Mobile” notification on Galaxy devices may be related to a data breach.
Late last week, troves of users reported getting a mysterious push notification on their Samsung devices that simply read “1/1.” While many brushed this off as a simple server glitch during an internal test, several readers wrote to The Register claiming that they could see the personal data of strangers after getting the notification.
Samsung chalked up the notification from its Find My Mobile app as an unintentional mistake that did not have any other effect on devices. But around the same time, some users reported that logging into their Samsung accounts presented them with sensitive data on other customers, such as names and addresses.
Recently, a notification about “Find My Mobile 1” occurred on a limited number of Galaxy devices. This was sent unintentionally during an internal test and there is no effect on your device. We apologize for any inconvenience this may have caused our customers. ^LF
— Samsung Help UK (@SamsungHelpUK) February 20, 2020
Some users reported that they were able to access personal data of other users, including names, addresses and partial payment card details. Samsung has now admitted to the data breach and says it will be contacting those affected.
“A technical error resulted in a small number of users being able to access the details of another user,” a Samsung spokesperson told The Register. “As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed.”
How many users were affected remains a mystery. A “small number,” as described by Samsung, could potentially mean millions of users given the company’s status as the world’s largest seller of smartphones.