Update: Below is the official statement we received from Samsung on the matter.
The notification was inadvertently sent to Galaxy devices powered by Android Oreo or later. We can assure our users that this notification does not affect their devices in any way. We sincerely apologize to our customers for the inconvenience this may have caused and will ensure that a similar incident doesn’t occur in the future.
Original story follows
Samsung’s mobile users were taken by surprise last week when they received a random notification from the Find My Mobile app on their smartphones and tablets. It’s a stock app that’s baked right into Samsung’s software.
The mystery notification displayed the number “1” twice and simply disappeared when it was tapped. It didn’t launch the app or perform any other action. It did spook a lot of users since the notification was received by countless users across the globe. Some even feared that perhaps Samsung’s Find My Mobile service had been compromised.
Samsung doesn’t explain how it happened
Samsung was quick to put those concerns to rest. The company sent out a statement saying that the notification was sent out by mistake during an “internal test.” It didn’t provide any specifics, only saying that it would do its best to prevent something like this from happening again.
However not long after the notification was sent out there were reports from some users that they could see other users’ personal details in their own account. Most had just logged into their accounts after the notification to change their passwords.
As several users mention on Reddit, after they logged into and checked the account section in Samsung Shop, they could see other peoples’ phone numbers, email addresses, recent order details, shipping addresses and even the last 4 digits of their payment cards in the field where their own information should have been listed. In a statement provided to The Register, Samsung admits that some user data was leaked but insists that it only affected a “small number” of users.
“A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed,” said a spokeswoman for the company, adding that “We will be contacting those affected by the issue with further details.”
Once again, the company has provided no specifics, so it’s unclear exactly how this happened. Perhaps more details will emerge once the company reaches out to those who were affected by this issue. This entire episode has become unnecessarily mysterious and Samsung should give its customers more clarity on what happened and what has been done to ensure that it doesn’t happen again.