Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Users' Data Target Of 'Targeted Attack' on AT&T

Comments Filter:
  • by jesseck (942036) on Tuesday November 22, 2011 @12:58PM (#38137314)
    When I signed up for a UVerse account, they provided the login details. They had my username (previously tied to DSL), no biggie. But then the technician at the house was able to pull up my password. MY password. It's stored in a reversible manner (if encrypted at all)- why the fuck? This does not surprise me that AT&T was targeted, and I'm sure they have millions of customers that believe they password is safe. Since then, I don't trust AT&T or that account for anything important.
  • by Anonymous Coward on Tuesday November 22, 2011 @01:13PM (#38137608)

    It appears that they are just enumerating which phone numbers are set up with online account access. This can be done via the account setup page. The login page itself will not tell you if an account exists or doesn't exist, but the setup page will. Likely, this is a first step to later brute force passwords. Given that the username is the phone number, they can then just try and find one that has an account set up with AT&T's web site. The daily internet storm center podcast had some details about this. http://isc.sans.edu/podcastdetail.html

  • by certain death (947081) on Tuesday November 22, 2011 @02:33PM (#38139062)
    You mean they are serious about protecting _THEIR OWN_ data, not customers data.

Facts are stubborn, but statistics are more pliable.

Working...