AT&T says hackers stole records of nearly all cellular customers' calls and texts

[bcuster]

Remain calm, nothing to see here

10 billion passwords have been leaked on a hacker site. Are you at risk?

The leak of passwords is the largest to date, cybersecurity experts say.

www.usatoday.com

 

[Saul Goodman]

You do realise that hacking isn't as simple as typing "Google" into your search bar and you're into all of Google's files do you?

Very basically it's like going to "urban75.com" and entering a name and password but you don't know the web name, user name or their password.

It actually used to be really easy
Coders used to be either a bit lazy or a bit stupid, or a mixture of both, and they used a lot of unsanitised inputs for things like password fields on login forms, so you didn't even have to know user names. "x or ""x=x" took care of that, as it was always true, so the database did your bidding. All you needed to do on a badly coded site was type an x in the username box, then x' or 'x'='x in the password field, and it'd dump the entire user details table.
A semicolon in the password box was a query delimiter, then you had full control of the database.
Those were the days.

 

[bcuster]

A statement "from the horse's mouth":

AT&T Addresses Recent Data Set Released on the Dark Web

AT&T Addresses Recent Data Set Released on the Dark Web​

AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web; source is still being assessed.




AT&T* has determined that AT&T data-specific fields were contained in a data set released on the dark web approximately two weeks ago. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors. With respect to the balance of the data set, which includes personal information such as social security numbers, the source of the data is still being assessed.

AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.

Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable. We encourage current and former customers with questions to visit www.att.com/accountsafety for more information.

As of today, this incident has not had a material impact on AT&T’s operations.





Bc

 

[WouldBe]

A statement "from the horse's mouth":

AT&T Addresses Recent Data Set Released on the Dark Web

Why on earth would at&t need social security numbers?

 

[bcuster]

Why on earth would at&t need social security numbers?

Great question

 

[bcuster]

 

[Saul Goodman]

Seems America are a bit shit at cyber security.
Ah well.

 

[WouldBe]

Seems America are a bit shit at cyber security.
Ah well.

Not sure how they lose billions of social security numbers when the US population is only around 300 million.

 

[moochedit]

Not sure how they lose billions of social security numbers when the US population is only around 300 million.

Extra pension

 

[Saul Goodman]

Not sure how they lose billions of social security numbers when the US population is only around 300 million.

They probably lost the same ones multiple times. I do this regularly with my car keys.

 

[bcuster]

 

[bcuster]

Not sure how they lose billions of social security numbers when the US population is only around 300 million.

the ss#s of deceased people are extremely valuable on the blackweb. Dead people don't dispute fraudulent purchases and transactions







Quote Reply

Report Edit

 

[WouldBe]

the ss#s of deceased people are extremely valuable on the blackweb. Dead people don't dispute fraudulent purchases and transactions







Quote Reply

Report Edit

I would have thought that if someone was trying to use a social security number to buy something or take out a loan a basic check would show they were dead.

 

[bcuster]

I would have thought that if someone was trying to use a social security number to buy something or take out a loan a basic check would show they were dead.

that's the way it is supposed to work

what is the primary identifying data in UK?

 

[WouldBe]

that's the way it is supposed to work

what is the primary identifying data in UK?

For a loan it's usually name and address that gets checked against a credit reference agency.

 

[Saul Goodman]

For a loan it's usually name and address that gets checked against a credit reference agency.

America's weird. you can hardly buy a coffee there without giving someone your social security number, which they then store with the rest of your details on a database that any hacker worth their salt could probably access.

 

[bcuster]

America's weird. you can hardly buy a coffee there without giving someone your social security number, which they then store with the rest of your details on a database that any hacker worth their salt could probably access.

Absolutely true. And now, a serious problem...

 

[WouldBe]

Absolutely true. And now, a serious problem...

So much for "land of the free".

 

[moochedit]

that's the way it is supposed to work

what is the primary identifying data in UK?

We have a "national insurence number" in the uk but that's just used for paying tax or claiming benefits. We wouldn't normally get asked for it by private companies we are buying services off like a phone company. (A bank may ask for it as they have to declare interest earned to the taxman.)