A Sprint Privacy Mistake is Posted on Digg

[EvilAndrew]

If you read Digg lately you may have noticed that someone there was an article posted with a phone number in it that can be used to get the name and address of any sprint customer who’s phone number you know.  In Sprints defense, this system is supposed to be used as an HCI feature to help verify a user’s identity and I have heard of other companies doing the same thing.  However, it was still an amateur security mistake.

The question I have for CAOS is what they think the ethical considerations are of posting this information to the public?  The original blogger did not list the phone number but since it was just the sprint tech. support line guy who posted this to Digg was able to include it in his Digg comment.

http://digg.com/security/sprint_gives_out_customers_data_when_you_call