Several days ago, it came as a surprise to many Samsung users when they received an unusual “1/1” push notification in their smartphones. The notification came from Find My Mobile, Samsung’s proprietary app which allows users to connect with their devices when stolen or lost.
Various media outlets picked up the story after a number of users from around the globe reported the incident. As a response, Samsung immediately answered and claimed that it was just “an internal test”. They also assured the public that it will in no way affect their devices.
To our disappointment, it didn’t seem to be what actually happened. Samsung’s statement was nothing but a failed cover-up. It turned out, there was indeed a data breach.
In a statement to The Register, Samsung admitted that the notification came from a Samsung data breach. In contrary to its initial statement, the said breach has pronounced effects to users. A number of people reported that they were able to see other people’s personal data.
Here’s the complete statement of a Samsung spokesperson:
“A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.”
So now, we’re curious as to what Samsung’s “small number” actually means. With a significant number of people claiming that they received the said notification, it’s a question of how many really were affected of this data breach.
What’s even more alarming is that many people who reported to The Register said that they had the app disabled but still received the notification. When the publication asked Samsung on how a “disabled” app was able to receive push notifications, the Korean tech giant did not answer.
Considering that Find My Mobile is a stock application, users cannot uninstall it without rooting the device. The existence of a notification from a disabled app is such a huge concern to users because that means it’s still running in the background.
For now, the least users can do to protect themselves is to change their Samsung account passwords. This incident also tells a lot on how user interest and privacy always come last. And that users no longer have the power over their own information.
Last week, Samsung got caught in its marketing ploy of faking the Galaxy S20’s telephoto cameras.