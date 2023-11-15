Samsung confirms access to customer data by hacker Future via Getty Images

In an email received by this reporter on the evening of November 15, Samsung Electronics (UK) Ltd. confirmed that it has “recently discovered a cybersecurity incident” affecting personal customer information. This is what we know so far.

What does the Samsung hacking disclosure say?

According to an email that arrived in my inbox on the evening of November 15, the hack was discovered on November 13. Although there is no indication as to the specific third-party commercial app involved, Samsung has strongly pointed the finger of blame in the direction of a vulnerability within that app. “It was determined that an unauthorized person exploited a vulnerability in a third-party business application we use,” the email said. Customers who made purchases between July 1, 2019 and June 30, 2020 are said to be affected. Samsung says that some personal information belonging to some customers who made purchases on the SEUK ecommerce site was affected. Samsung says the compromised data included names, addresses, phone numbers, emails and IP addresses. According to the Samsung disclosure email, the hacker did not access any financial data or passwords.

Samsung says third-party applications are susceptible to bugs

Very little valuable information is known at this time, at least as it relates to the third-party commercial application or the associated vulnerability. However, Samsung says operation of the application was suspended when the incident was discovered, and a forensic review was launched. Additional technical measures have been taken, including fixing vulnerabilities in the application.

Should all Samsung users be concerned?

As already mentioned, the Samsung email refers to users of the UK ecommerce site and there is no information whether other servers have been affected. You will also need to have accessed that site and made purchases between July 2019 and June 2020. Although Samsung says users do not need to take immediate action, it recommends the following precautions:

Be wary of any unsolicited communication that asks for your personal information or sends you to a web page that asks for personal information.

Avoid clicking links or downloading attachments from suspicious emails

Read the UK National Cyber ​​Security Centre’s guidance on how to spot suspicious messages and protect yourself after a cyber incident.

I have contacted Samsung for a statement, but in the meantime, concerned customers can contact Samsung Support by email at [email protected] for any further questions.