Samsung Recent Security Incident

&gt; but in some cases, may have affected information such as name, contact and demographic information, date of birth, and<p>That&#x27;s all you need to steal someone&#x27;s identity. Major reason why I never give any website my real birthday, and use a password manager to remember all the various &quot;birthdays&quot; I&#x27;ve been required to provide for no ostensible reason.<p>If we wanted to hammer out a quick and effective privacy legislation, it would be: you need a demonstrable reason to ask for someone&#x27;s birthday (e.g., legal reason to validate you&#x27;re old enough to open a bank account or whatever), not &quot;i want to send a happy birthday newsletter every year (and also sell it in a package to data brokers)&quot;

Oh, Samsung. I just went through the most insane account recovery process I&#x27;ve ever seen. Tried to register a Samsung account, but my email was already taken. Guess I must have had an account at some point. If you forget your password, you have to provide your name and date of birth to reset it. If you fail to enter the correct details many times, which I somehow did, eventually they will send you the recovery email anyway. When I received it, it was in a language I&#x27;d never seen. Then I discovered that it was actually somebody else&#x27;s account from Indonesia that was using my email address without me ever knowing. So I now have a Samsung account that was someone else&#x27;s but it was using my email so it was really mine?

Just got the email from Samsung saying I was part of the breach. At the end of this (extremely long and excuse-ridden) email they inform me that I&#x27;m entitled to a free credit check every year from credit reporting agencies.<p>Can&#x27;t we just fast forward to the part where they send me a $5 check for the class action settlement? They&#x27;d save a ton on legal fees.

Just here to remind everyone that Samsung televisions take screenshots at regular intervals of what you watch and sends this to be stored with the same level of “security”.

I love how they don&#x27;t say how big the breach was, what systems were affected, or how to opt-out of them stealing your personal information and storing it on poorly secured servers:<p>&gt; <i>Why does Samsung have my data?</i><p>&gt; <i>We collect information necessary to help deliver the best experience possible with our products and services. We know how important privacy is to our customers, and we provide information about how we&#x27;re planning to use customer data, in strict compliance with relevant privacy laws. You may visit the U.S. Privacy Policy section of our website for more details on how we may obtain data and for what purposes: <a href="https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;account&#x2F;privacy-policy&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;account&#x2F;privacy-policy&#x2F;</a>.</i>

California residents can request their data to be deleted here:<p><a href="https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;privacy&#x2F;ccpa&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;privacy&#x2F;ccpa&#x2F;</a><p>I was surprised I even had a Samsung account so I can&#x27;t think of any reason to keep one after this.

Just got this email. I love how they don&#x27;t even try to pay you off. They just show you where to get your free credit report where if you&#x27;ve already accessed it, you&#x27;re screwed.

This ship kinda sailed after Equifax data breach, but I wish we could make data a real liability ( as in, if you store it, you are on an actual legal hook for it ). 2017 settlement[1] was largely a joke if not an insult to all the affected individuals. The company still operates, no one went to jail and the company got a hard cap on potential claim from affected people.<p>I don&#x27;t know what the solution is exactly though ( I mean how to effect actual change instead of posting in this forum ).<p>[1]<a href="https:&#x2F;&#x2F;www.ftc.gov&#x2F;enforcement&#x2F;refunds&#x2F;equifax-data-breach-settlement" rel="nofollow">https:&#x2F;&#x2F;www.ftc.gov&#x2F;enforcement&#x2F;refunds&#x2F;equifax-data-breach-...</a>

Amateurs. Samsung&#x27;s identity system was f*ed even before this. Only Lenovo&#x2F;Motorola were worse. _Of course_ they got hacked: they were a big fat (in a purely metaphorical sense), stupid, target. The entire executive suite and board should be swept out and replaced. But that won&#x27;t happen because those few have a lock on the majority of shares by either owning them outright or being golf partners with the like-minded idiot rest. Their main focus now, as always, is to deflect blame and preserve their positions. Does not inspire confidence in the future of anything. No wonder they can&#x27;t get the simple things right, like providing clean water to Flint or Jackson. The clowns have taken over the bus and are driving it right over a cliff.

&gt;At Samsung, security is a top priority.<p>Every company, always.

Having reported a critical bounty, their incident response and disclosure process is a complete shitshow. Absolute mess of a company.

as a Chinese dissident, if CCP got the leaked data and tracked to my identity via my Samsung device and account information. I may be put into CCP&#x27;s jail for my internet speech.<p>Samsung , your carelessness put many lives in danger!!

I would like to delete my Samsung account (which I was forced to create to access some feature of my phone). But I can&#x27;t even access my profile because I&#x27;d need to accept some new user agreement which I won&#x27;t do. I guess I could try sending them a letter.

Other companies keep the lid on when it happens to them. Samsung has the decency to inform you quickly and clearly, gotta give them that.

I feel stupid for ever giving Samsung this much info to begin with. But oh, they had such compelling <i>reasons</i> to do it. Like trading in my old phone to get a deep discount on a new one directly from Samsung, and bypassing all the carrier bullshit! Or locking down all of my devices, so that someone who steals my phone can&#x27;t factory reset it without supplying my Samsung account credentials!

&gt; may have affected information such as name, contact and demographic information, date of birth, and product registration information.<p>No. No matter how safe of how carefully you take your security, a vendor should NOT keep these pieces of my private information with them.

I requested to have all my info deleted by them. Let&#x27;s see how long it takes.<p>The email for my request is towards the bottom of this page: <a href="https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;support&#x2F;securityresponsecenter&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.samsung.com&#x2F;us&#x2F;support&#x2F;securityresponsecenter&#x2F;</a><p>I am aware this does not fix the problem of the already stolen data, but it might make the data collection cost&#x2F;benefit analysis in favor of discarding collection all-together. Maybe. Let me dream, would you?

Can someone explain to me what the purpose of date of birth collection is? If it’s to verify the person is an adult, anyone can just lie. And why not just ask for age or age range instead?

Samsung&#x27;s disclosure doesn&#x27;t meet statutory requirements of either jurisdiction I reside in, and Samsung&#x27;s collection of my information doesn&#x27;t meet statutory requirements in one of them. I did not set up a Samsung account on my phone or log in, despite constant harassment, and now I got a notice saying my information was compromised.

&quot;...and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement.&quot;<p>Sounds like &quot;we got ransomeware&#x27;d&quot;.

It&#x27;s a red flag when a company says they are, &quot;in strict compliance with relevant privacy laws.&quot;<p>Complying with the law is the bare minimum.

For anyone who stopped using Samsung products and wishes to delete their data: <a href="https:&#x2F;&#x2F;privacy.samsung.com&#x2F;mydata&#x2F;delete&#x2F;request" rel="nofollow">https:&#x2F;&#x2F;privacy.samsung.com&#x2F;mydata&#x2F;delete&#x2F;request</a><p>I couldn&#x27;t find a way to close an account, but this is probably the next best thing.

Coincidentally (?) I got an unsolicited text message yesterday with my &quot;Samsung account verification code.&quot;

Does this apply to those who use Samsung devices without having made explicitly registered for an &quot;account&quot; with samsung.com? They must be made to reveal the extent to which keylogging and other surreptitious means of data collection are being used on their devices.

My reaction to this news.<p>Reset password &gt; get into account &gt; delete the account.<p>A useless account that i shouldn&#x27;t have used anyway.<p>Pixel + Calyx FTW.

How is it that security is a top priority when the company can’t correctly implement basic encryption?<p>Samsung shipped so many millions of phones with insecure encryption:<p><a href="https:&#x2F;&#x2F;eprint.iacr.org&#x2F;2022&#x2F;208.pdf" rel="nofollow">https:&#x2F;&#x2F;eprint.iacr.org&#x2F;2022&#x2F;208.pdf</a>

Luckily I gave all fake information to Samsung. Because I expected this to happen.

I was just considering using an old iPhone instead of an S21. Decision made.

&gt; may have affected information such as name, contact and demographic information, date of birth, and product registration information.<p>What falls under &quot;product registration information&quot;?

&gt; nformation such as name, contact and demographic information<p>Nice way to gloss over how much ‘demographic information’ they actually collect…

Tldr: whilst this incident is absolutely inappropriate; the big business behaviour will not change until users, too, recognise their accountability and responsibility. You purchased that product, accepted it’s usage terms, and supported this behaviour. Accept “some” responsibility in this outcome.<p>—<p>In regards to this security incident; users accepted the terms and conditions, which includes (usually in detail, or lack there of) their handling of the outcome, and impact to you.<p>It’s a horrible situation. Im not saying it’s acceptable. however; I demonstrate so by not supporting (advocating, purchasing, etc) and accepting these outrageous terms.<p>This is not isolated to Samsung…<p>Our home is (wherever possible) a “Samsung” free zone, primarily inspired by their handling of the health incidents in their South Korean factories. Workers sick and dying, directly linked to the workplace.<p>After years of persistent pressure from the families of these workers, the outcome was a payout and a typical “sorry we got caught” announcement.<p>There has also been ongoing large-scale corruption in the head&#x2F;leaders of the organisation, tied closely to South Korea in it’s entirety. It seems the outcome here is; “you’re really bad, but also really good… we’ll meet somewhere in the middle..”.<p>Ps; am aware that Samsung parts are often included with other brand solutions. Hence “mostly” above. I proactively investigate, and avoid at all costs.

Samsung stores demographic information because why not. I wonder how much information is that

Blows my mind that anyone would buy a Samsung product given their data collection addiction.

&quot;We value your privacy&quot; is just a buzzword for these companies.

Was the hacking state-sponsored?

Was this related to the Lapsus$ incident, or something else?