Hackers Steal Phone Records of 'Nearly All' AT&T Customers

[Charlesrfinal]

Given how closely ATT is willing to work with the NSA on data collection this isn't a shock.

 

[haplain]

Okay... can someone maybe explain this to me? I get these data breaches happen, too frequently, but how/why is it allowable, and/or acceptable, to take almost 2 years to tell your customers that's happened? And, I guess the previous statement is the lesser of two evils, because if it takes them nearly 2 years to figure out they were hacked, it makes sense why these data breaches occur so frequently.

 

[falkon-engine]

Perils of the cloud. Ticketmaster. AT&T. Various others.

 

[falkon-engine]

Okay... can someone maybe explain this to me? I get these data breaches happen, too frequently, but how/why is it allowable, and/or acceptable, to take almost 2 years to tell your customers that's happened? And, I guess the previous statement is the lesser of two evils, because if it takes them nearly 2 years to figure out they were hacked, it makes sense why these data breaches occur so frequently.

Their cloud provider was hacked.

 

[masterhiggins]

Why do they have access to this, anyway? Why isn't it secure on the devices themselves and why is it stored?

 

[dannyyankou]

Okay... can someone maybe explain this to me? I get these data breaches happen, too frequently, but how/why is it allowable, and/or acceptable, to take almost 2 years to tell your customers that's happened? And, I guess the previous statement is the lesser of two evils, because if it takes them nearly 2 years to figure out they were hacked, it makes sense why these data breaches occur so frequently.

The data breach didn't happen 2 years ago. The data that was stolen was from 2022. AT&T learned about it in April this year. That's not an excuse by the way, waiting 3 months to tell your customers is unacceptable.

 

[FreakinEurekan]

Data privacy is a myth. If you don’t want it public that you’re calling/texting someone, then don’t call/text them.

 

[CarAnalogy]

What is AT&T’s problem? Are they using a bad cybersecurity company or are they just too cheap to pay for services that will keep our data safe?

They don’t truly care for one thing, same with the credit agencies. People have no choice but to deal with them, and they have enough political coverage that they will never truly suffer from any consequences.

And the other thing is of course money. Our data is used for monetization so it gets passed around. As long as everyone says they are complying with the security checklists nobody cares until they get hacked. And again, even then, no real consequences. All of this has happened before, all of it will happen again.

 

[FattiesGoneWild]

Banks never have breaches like this. I wonder why?!?! 🤪

 

[webkit]

Everyone remember Yahoo mail? Same thing happened

The Yahoo mail breach was worse as it wasn't just about stolen email addresses but also included things like passwords, birth dates, security questions and answers, etc.

 

[slippery-pete]

Yes, customers mobile and landline phone numbers which can be used for identify theft and phishing scams. Think the data is still harmless?

Please explain to me how somebody steals my identity by having my phone number?

BTW, even before this breech you can easily obtain somebodies phone number via the web. Not hard.

Yes, absolutely harmless...reality is, people want to make this out to be a bigger deal than it actually is. People love to complain about anything and everything; must live miserable lives. The world we live in.

 

[macfacts]

I wish Apple would launch an MVNO. I would feel more comfortable with them.

...

Apple still hasn't explained how apple users in Hungary got unexplained charges: https://forums.macrumors.com/thread...es-affecting-iphone-users-in-hungary.2430178/

 

[webkit]

That's not an excuse by the way, waiting 3 months to tell your customers is unacceptable.

I believe AT&T is claiming that law enforcement agencies asked them to delay public disclosure while initial investigations were ongoing.

 

[sloheim]

ATT should be fined $50 billion for this fraud. They are solely responsible for safeguarding that data and should give their lives for protecting it.

So, you think they'll just pay it out of their bank account, and wont pass the cost of that fine down to its customers?

Everyone gets excited about big fines, without realizing that we the customers ultimately pay them.

 

[dannyyankou]

Apple still hasn't explained how apple users in Hungary got unexplained charges: https://forums.macrumors.com/thread...es-affecting-iphone-users-in-hungary.2430178/

Hey, I'll take Apple's track record over anyone's

 

[laptech]

Which criminals? In this case, the article said (did you read it?) that one person was arrested and that they don't believe the data went public.

What the person or persons did is against the law meaning they was involved in a criminal act ergo they are a criminal.

 

[Edsel]

"...includes advice on how to protect yourself from online fraud."

Stop using the internet and use this instead...🙃

 

[Subarctic5216]

This is why I always have my credit reports frozen with all three companies and I put everything on my Amex gold card. Never use a debit card for anything, unless you absolutely have to. If there is ever an issue with fraud, and luckily I've only every dealt with petty fraud on my account once (knock on wood), Amex takes care of it instantly without any hassle.

A Credit Freeze on all information should be the default. But the credit report agencies are fighting this because they make their money selling our credit information to the banks and CC companies. With everything getting hacked all the time a credit freeze the 1st way to protect 'some' of your private info. 2nd is strong passwords (changed regularly) and using some type of 2FA. Everyone has to assume that your data has already been breached multiple times. Unfortunately the firms responsible for the laps in security are never held responsible or accountable.

 

[Amazing Iceman]

Never trusted the cloud not even for pictures .

Gotta get the right cloud. I wonder why it hasn’t been disclosed yet which Cloud service got hacked.
Perhaps they didn’t chose the right provider.

 

[GrayFlannel]

Did you read the article? Either way, read it again. It literally says that no text message or call content was involved. There wasn't any time stamp info or location info (except there was cell site ID if that is somehow usable).

It's my understanding iMessage is encrypted end-to-end so no one has the content of the messages except for the sender and receiver.

The telephone numbers were included in the leak along with the telephone number associated to the call/text, so says the NYT, WSJ, and CNN.

 

[laptech]

If having a name and phone number (which isn't even the case here since there are no names) is such a risk of being a victim of some crime, just think of practically every email sent with a signature has a name and a phone number! The internet is full of name/phone number associations. Apparently, everyone wasn't told doing so was exposing them to criminal activity. Again -- making much ado about nothing. Someone said we're not using our imagination -- if I used my imagination, I can think of terrible things happening to me just walking out my front door.

With your telephone number your name can be found. With your name found your address can be found, with your address found lot's of other information about you can be found. Do not have a closed mind when it comes to data breaches because that is what criminals are hoping for.

 

[GrayFlannel]

It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information… So basically they can look the record of what calls and texts I made over six months but not my name, email, content of the call or text. Usage data but not content. I’m not going to stay awake at night over it.

Just to be sure, google your phone number (and those numbers who you called and texted) to see if you can find anything the leads to your/their identity.

 

[Capeto]

I can’t wait for the free market to correct this 🤡🤪

 

[Corefile]

Did you read the article? See what data was compromised?

I don't care what data was compromised. It doesn't matter. My data was compromised so they need to pay dearly and struggle for their very survival.

 

[Corefile]

That large of a fine against AT&T would put them out of business or double the amount charge to customers.

Good. Let it put them out of business and let it be the lesson for any other company who treat customer fraud like this as a walk in the park. The way to make businesses bet their existence on their infrastructure is to take down a company like ATT to prove it's not a joke. Right now it's treated as a joke.