A new report claims that hundreds of thousands of personal data of cell subscribers were left exposed on an unprotected server. The exposure reportedly happened after a contractor working with Sprint left the phone bills of the subscribers unprotected on an Amazon Web Services hosted server. Affected phone bills belong to subscribers of T-Mobile, Sprint, AT&T, and Verizon.

Fidus Information Security first reported the massive personal data exposure of countless cell subscribers of major cell industries in the US. The data exposure includes addresses, names, phone numbers, and call histories of the users. Some login credentials of the users, including passwords, PINs, and usernames were also exposed, says Techcrunch.

Sprint Blasts T-Mobile, AT&T deal
A woman talks on her phone as she walks past T-mobile and Sprint wireless stores in New York. Sprint issued a statement criticizing the merger between AT&T and T-Mobile announced over the weekend. REUTERS

Phone bills included in the exposure are those of subscribers of Verizon, AT&T, and T-Mobile, which were in possession of Sprint because of a recent promotion where the telecom company compared its prices to the current cell plans of its users. At this point, it is not clear if hackers were able to access the said data while they were exposed to an unprotected server. The error has already been corrected, according to a report from Business Insider, who was told by a Sprint representative on the current status of the issue.

The unprotected server is owned by a contractor working with Sprint and hosting phone bills of users switching to Sprint from other cell providers. The contractor is Deardorff Communications, whose president Jeff Deardorff confirmed to Techcrunch the recent issue. Sprint already said that all affected customers would be notified. But it is not yet clear which company will assume the responsibility for that role (Deardorff Communications or Sprint).

If you want to know whether you are affected by the recent users’ personal data exposure, the fastest way is to contact Sprint directly. If you are not a Sprint customer and have never been a part of the recent Sprint promotion where your phone bill was sent to the company to compare it with Sprint’s prices, then you are most likely not affected by the exposure. To be safe, it is recommended that you change your PIN and password associated with your current cell provider.