If you have an iPhone with AT&T, there's a good chance your info has been stolen
AT&T is finally resetting passcodes for current customers after hackers stole a trove of customer data more than two years ago.
The vast majority of the compromised passcodes belong to some 65.4 million current and former AT&T customers. However, the company has reset passcodes for 7.6 million of its current customers, in the typical abundance of caution often cited.
The passcodes are usualy four-digit numbers used to help verify customer accounts when they are being accessed by customers or AT&T support staff. No account passwords were compromised in the breach.
Although the passcodes and other information were encrypted, it remains possible to decipher the data. In addition to the passcodes, the data leaked includes customer names, dates of birth, home addresses, phone numbers, and Social Security numbers.
The stolen data was first reported on hacker forums in 2021. AT&T denied that the hack was real -- until now.
The company continues to say that it does not have any evidence of "unauthorized access to its systems resulting in exfiltration of the data set."
It has set up a new webpage reporting the incident, with tips on how customers can keep their account secure.
"Our internal teams are working with external cybersecurity experts to analyze the situation," AT&T said in its statement. It added that the compromised data "does not contain personal financial information or call history," and the company will be offering complimentary identity theft and credit monitoring services to affected customers.
Read on AppleInsider
Comments
yet the vast majority of American companies get hacked , and all we get is "oops my bad"
And all that stolen data is sold to the highest bidder, including the Chinese
so banning tiktok isn't about protecting our data now is it ?
This is why we can’t have nice, aka things that work to protect us.
Needless to say, but I no longer work there.
More concerned about the data stolen from several medical records breaches over the past year.
Also, the huge uptick in spam telephone calls and phishing emails.
Lastly, computer generated voices have become more convincing.
If I don't recognize a number, the caller will have to leave a call back number, name and pitch for a return call (after 7 rings and a message).
If the message is at all fishy, the voice message is deleted with no action taken.
Had a land line and internet with AT&T 10+ years ago, no emails yet from AT&T.
Have changed email address several times in 10+ years, so contact by email would be difficult for AT&T.
Maybe I should change email address again, as well as changing telephone numbers (both would require updating a bunch of folks).
Years ago (1999), the CEO of Sun Microsystems (now owned by Oracle) said something like "You have zero privacy. Get over it."
https://www.techspot.com/trivia/127-who-tech-ceo-1999-you-have-zero-privacy/#:~:text=Learn%20why%20this%20is%20the,Get%20over%20it.%22
As mentioned above, a massive class-action lawsuit for both the breach AND their irresponsible behaviour afterwards might get them to reform their practices. It's shutting the barn door after the horse has bolted, but may prevent future large-scale data breaches.
In the meantime, take your business elsewhere if possible. And tell AT&T why you are doing that.
Happy Easter!
Passcode is NOT the password. It's used when someone on your account that's not you wants to upgrade their phone when you are not present.
Here is a good summary on what is required:
https://www.upguard.com/blog/cybersecurity-regulations-in-the-european-union
And one small example:
https://www.edpb.europa.eu/news/national-news/2024/polish-sa-administrative-fine-failure-notify-personal-data-breach_en
And a bigger one:
https://www.edpb.europa.eu/news/national-news/2021/dutch-sa-fines-transavia-poor-personal-data-security_en
Some of the biggies under GDPR (not necessarily breaches) but underscores how bad Meta still is:
https://dataprivacymanager.net/5-biggest-gdpr-fines-so-far-2020/
“The information varied by customer and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.”
So even if you’re a current customer and immediately change your passcode, you’re already screwed when it comes to your personal information.
Also use a random computer-generated password for each website you go to. A nice long password. Better to also turn on 2 factor. 2 years before AT&T says something? It's a little late by then for everyone. You can't trust any of these companies. Do not give out SSN for sure, but the less into you put out there on you the better.