After customers were startled by a strange push notification last week, Samsung has confirmed certain Galaxy phone users may have been hit by a data breach – but claims the two incidents are unrelated.
Last week, Samsung owners received a weird 1-1 message on their phones, delivered via the Find My Phone app. This unprompted message was worrying enough, but some startled users were then further confused when they went to log in to the Samsung website and found themselves confronted by other people’s data.
Samsung claims that these two incidents are completely distinct from one another and it’s just a terribly unlucky coincidence that they happened pretty much simultaneously.
A spokesperson issued the following statement: “A technical error [isolated to samsung.com/UK] resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.”
The details exposed by the leak include names, email addresses, telephone numbers and purchase history. Samsung says that credit card details will not have been visible and that fewer than 150 customers were affected.
When asked separately about the notification incident, Samsung dismissed this as an accidental side-effect of some internal testing on the Find My Phone app. A spokesperson was also quick to say that it shouldn’t affect your phone in any way and that they were super-duper sorry for the upset.
Worryingly, some Samsung owners are reporting that they received the notification despite having this app disabled. At present, users can’t remove the app, so the closest you can get to deleting it is by deactivating it on your phone.
It’s actually a fairly powerful app, given that it has the ability to remotely remove all of your data if your phone gets stolen. Several people have approached Samsung to ask why the app can still push notifications onto your phone when it’s supposed to be disabled, but so far the company hasn’t explained or defended this.