Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security AT&T Communications Privacy

Users' Data Target Of 'Targeted Attack' on AT&T 28

Posted by timothy
from the oh-the-files-are-inside-the-death-star dept.
New submitter fran6gagne writes "AT&T [Monday] notified customers of an effort by hackers to collect online account information. It is not believed that the perpetrators of this attack obtained access to sensitive information." eWeek's account has a bit more detail.
This discussion has been archived. No new comments can be posted.

Users' Data Target Of 'Targeted Attack' on AT&T

Comments Filter:
  • by jesseck (942036) on Tuesday November 22, 2011 @11:58AM (#38137314)
    When I signed up for a UVerse account, they provided the login details. They had my username (previously tied to DSL), no biggie. But then the technician at the house was able to pull up my password. MY password. It's stored in a reversible manner (if encrypted at all)- why the fuck? This does not surprise me that AT&T was targeted, and I'm sure they have millions of customers that believe they password is safe. Since then, I don't trust AT&T or that account for anything important.
  • by Anonymous Coward on Tuesday November 22, 2011 @12:13PM (#38137608)

    It appears that they are just enumerating which phone numbers are set up with online account access. This can be done via the account setup page. The login page itself will not tell you if an account exists or doesn't exist, but the setup page will. Likely, this is a first step to later brute force passwords. Given that the username is the phone number, they can then just try and find one that has an account set up with AT&T's web site. The daily internet storm center podcast had some details about this. http://isc.sans.edu/podcastdetail.html

  • by certain death (947081) on Tuesday November 22, 2011 @01:33PM (#38139062)
    You mean they are serious about protecting _THEIR OWN_ data, not customers data.

"In the face of entropy and nothingness, you kind of have to pretend it's not there if you want to keep writing good code." -- Karl Lehenbauer

Working...