Samsung Admits That Last Week’s Find My Mobile Notification Was Due to a Data Breach
A few days ago, Samsung users worldwide woke up to a weird notification from Samsung's Find My Mobile app. It was met with a mix of amusement, surprise, and alarm, as the app has the capability to remotely lock and wipe your device. Furthermore, it is impossible to remove the app, and it can only be disabled. Several users who received the notification stated that they didn't even know it existed on their phone and never used it.
A Samsung spokesperson later issued a clarification that it was the result of an 'internal test' gone wrong. It turns out that was a flat-out lie. Samsung finally admitted the truth to The Register, and had the following to say:
A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.
As usual, Samsung conveniently left out just how many users qualify as a 'small number'. Considering that there are millions of users that use Samsung Galaxy phones, that number is by no means insignificant. If you happen to receive an email stating that you've been affected, the best course of action is to change the password of your Samsung account and enable two-factor authentication (2FA) on it.
To do that, head over to your device's Settings app and navigate to Accounts and Backup > Accounts. Here, look for your Samsung account and tap on it. Head over to the Passwords and Security tab and toggle two-step verification on. Here you'll be asked to confirm your identity using a fingerprint/PIN/Pattern. After that, you'll have to input and verify your phone number, if you haven't linked it with your Samsung account. You can also use a third-party authenticator app such as Google Authenticator or Microsoft Authenticator to generate 2FA codes. Alternatively, you can save a bunch of backup codes that can be used when you are unable to receive a 2FA code via SMS.