Oh boy, this is bad. This is real bad.

BoingBoing reader Steve Parkinson has discovered a customer data security hole in the automated phone care system for Sprint Wireless.

Here’s how it works. You dial a certain toll-free Sprint customer service line (doesn’t matter what number you’re dialing from), then punch in the cellphone number of a Sprint Wireless subscriber (not necessarily yours). The Sprint voice-bot reads back to you the full name and street address of the accountholder associated with that number. Could be you, could be someone else.

Boing Boing: Security blunder: Sprint Wireless leaks customer data

So I Googled for the number, found it, and called it (being a Sprint customer). I entered in my number, it read back my name and street address. It asked me which person lived with me (it listed no one that did), which state my social security number was created in (it did list that), and which county I was in (it listed it). I answered the last two with incorrect answers and it still turned on the service for me.

Yes, even with wrong answers, anyone with a Sprint phone number can turn on international roaming for that person, because wrong answers don’t change the outcome.

So I called in and the customer service drone happily turned off the service (thank you) and directed me to send an email to send this form of complaint (theirs are, like most call centers, directed around the agents and customer service and not the products in general). So, I took to the site and drafted a letter.

I have a privacy complaint.

I called 888-211-4727 as it was mentioned to me that the number hands out personal information to anyone that presents a Sprint phone number. It does. While giving no personal information at all except the phone number, the site told me the owner of the number and the street address of where to find the owner. THIS IS BAD. This is an INFORMATION LEAK.

If this service does not change radically in 30 days I will end my business with Sprint. This is abhorrant. To top it off, I answered the questions WRONG and it STILL enabled the service! Happily, your customer service representative was very friendly and disabled the service for me. Thank you for that much.

But leaking my information to anyone that has my phone number is unacceptable. Please completely change that service.

Thank you.

My chances of success? I’m looking at Cingular’s prices right now, if that means anything.