Application security engineer Matt Metzger published a Medium article detailing his attempts to notify Samsung of the problem. He says there are a multitude of problems with the AGS shipment tracking system. Anyone can search for other people’s orders via a publicly-accessible search form. The tracking ID is included in the URL and anyone can easily edit it to access details for other customers. Some orders have been indexed by Google and show up in search results. The researcher argues that this data could be easily scraped and used in phone scams to extract payment card details.
Source: https://www.bleepingcomputer.com/news/security/samsung-leaking-customer-information-via-shippers-website/