In a statement, Sprint confirmed that the expert used "legitimate credentials" to get in. It promptly changed the passwords and vowed to "research this issue" in a bid to avoid a repeat.

This isn't as grave as the incidents that affected AT&T and T-Mobile, since this required finding and logging into a largely unknown portal. With that said, it points to a seemingly consistent problem with security at American networks. It wouldn't have taken much to hijack phone numbers and sign into accounts that require two-factor authentication, putting social accounts and other sensitive info within easy reach.