
AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People



AT&T has categorically denied any involvement in a significant data breach affecting approximately 71 million individuals. The leaked data, disseminated by a hacker on a cybercrime forum, allegedly originates from a 2021 breach of the company's systems. Despite assertions made by the hacker, known as ShinyHunters, and subsequent releases by another threat actor named MajorNelson, AT&T maintains its position, asserting that the leaked information did not originate from its infrastructure.

While the authenticity of the entire dataset remains unconfirmed, the verification of some entries suggests potential accuracy. This includes personal data that is not readily accessible for scraping, such as names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal details.

Despite refuting claims of a breach within its systems, AT&T has not provided definitive evidence to support its stance. Speculation persists regarding the involvement of third-party service providers or vendors, with AT&T yet to respond to inquiries seeking clarification on this matter.

The leaked data purportedly includes sensitive personal information, such as social security numbers and dates of birth, in encrypted form, but decryption efforts by threat actors have reportedly rendered this data accessible. The precise origin of the leaked information nevertheless remains elusive, fueling speculation and concern among affected individuals and cybersecurity experts alike.

For individuals who were AT&T customers before and during 2021, caution is advised, as the leaked data could potentially be exploited in various forms of targeted attacks, including SMS and email phishing, as well as SIM swapping schemes. Users are urged to exercise heightened caution and verify the authenticity of any communications purportedly from AT&T, refraining from disclosing sensitive information without direct confirmation from the company.

As investigations into the origins of the leaked data continue, the implications for affected individuals underscore the importance of robust cybersecurity measures and heightened awareness of potential threats. The incident serves as a telling marker of the ever-present risks associated with the digital realm and the imperative for proactive measures to safeguard personal information.

While AT&T denies any involvement in the data leak, concerns regarding the security and privacy of affected individuals persist. The unprecedented nature of cyber threats necessitates ongoing vigilance and collaborative efforts to combat risks and ensure the protection of personal data in an increasingly interconnected world.


Cell Service Restored Following Extensive AT&T Outage


AT&T has resolved issues affecting its mobile phone customers following widespread outages on Thursday, according to a company announcement. Throughout the day, tens of thousands of cell phone users across the United States reported disruptions.

Reports on Downdetector.com, a platform monitoring outages, indicated instances of no service or signal after 04:00 EST (09:00 GMT).

AT&T issued an apology to its customers and confirmed that services were fully operational again by early afternoon. The company stated its commitment to taking preventive measures to avoid similar incidents in the future. The cause of the outage is currently being investigated.

Verizon and T-Mobile informed the BBC that their networks were functioning normally. However, they acknowledged that some customers may have experienced service issues while attempting to communicate with users on different networks.

According to Downdetector, AT&T received over 74,000 customer complaints, with significant clusters in southern and eastern regions of the country.

Smaller carriers like Cricket Wireless, UScellular, and Consumer Cellular also reported interruptions in service. Complaints ranged from difficulties with calls and texts to problems with internet access, with many users reporting no service or signal.

Downdetector's data showed that major cities including Los Angeles, Chicago, Houston, and Atlanta experienced high numbers of outages.

Some individuals also faced challenges with 911 services, prompting officials to advise the use of landlines, social media, or cell phones from alternative carriers in emergencies.

The widespread outage has garnered the attention of the US government, with the FBI and Department of Homeland Security launching investigations, as confirmed by John Kirby, spokesperson for the US National Security Council.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that they are collaborating with AT&T to understand the root cause of the outage and are ready to provide assistance as necessary.

Although a confidential memo reported by ABC News suggested no signs of malicious activity, CISA officials are actively investigating the incident.

Hackers are Breaking Into AT&T to Steal Cryptocurrency

In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these outlook login keys”. 

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the internal systems of the company. “There was no intrusion into any system for this exploit. The bad actors used an API access.”

AT&T Alerts Millions About Data Breach That Exposed Sensitive Information



A supply chain cyber-incident at one of AT&T's vendors exposed sensitive information belonging to tens of millions of the company's customers.

The hacking incident occurred in January 2023 against AT&T's marketing vendor and resulted in a breach of AT&T customer data held by that vendor.

Approximately 9 million clients of the company have been given a precautionary warning after unauthorized access to their personal information was discovered.  

According to the company, in addition to the first names of buyers, the company also uncovered wireless account numbers and smartphone numbers, as well as e-mail addresses. 

In a small number of cases, impacted customers also had the name of their rate plan, late fees, monthly charges, fluctuating monthly expenses, and/or minutes used exposed. AT&T acknowledged that the data was several years old and was not updated regularly.

A company representative confirmed that the vendor's systems were compromised but stated that AT&T's own systems were not. The company added that the exposed information is typically used to determine eligibility for device upgrades, and that it notified law enforcement about the incident immediately.

AT&T, in a report published on Wednesday, said that there was no information in the breach that involved payment details, account passwords, Social Security numbers, or any other information relating to an individual. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility it said, characterizing the data as years old.  

The mobile carrier said it has notified affected customers. According to a notification posted on the AT&T Community forum, the company informed customers that it had reported the unauthorized access to their Customer Proprietary Network Information (CPNI) to federal law enforcement, as required by the Federal Communications Commission.

The company's report to law enforcement does not contain specific information about their account, only that unauthorized access occurred.

Database of 70 Million AT&T Users Being Sold on a Hacker Forum


Just days after the T-Mobile data leak, the same threat actor is selling 70 million AT&T customer records. ShinyHunters, the group that recently sold T-Mobile subscribers' data, is now offering 70 million records reportedly belonging to another mobile service provider, AT&T. The data for sale reportedly includes AT&T customers' full names, social security numbers, email addresses, and dates of birth. AT&T refuted the claim, stating that the data did not come from any of its systems.

ShinyHunters is a well-known organisation that has been linked to a number of high-profile data breaches. Mashable, 123RF, Minted, Couchsurfing, Animal Jam, and other companies have been targeted, according to HackRead. 

The revelation was first reported by Restore Privacy. According to them, the hacker is seeking $1 million for the full database (direct sell) and has given them exclusive information for this report.

"In the original post that we discovered on a hacker forum, the user posted a small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits," said Restore Privacy. "While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid." 

AT&T denied that the data had been leaked, claiming that it was either forged or obtained through other sources. “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems,” MarketWatch quoted the cell phone carrier. 

AT&T has previously experienced a data breach. For an insider breach in 2015, the company agreed to pay a $25 million fine. In fact, a threat actor was looking to hire a T-Mobile and/or AT&T employee in May, presumably to assist them in staging an insider attack on their employer.

T-Mobile was notified late last week about accusations in an online forum that a threat actor had compromised T-Mobile systems. The company announced that it had discovered and shut down the access point that might have been utilised to obtain unauthorised access to the company's servers.

Ezuri Crypter Being Used to Evade Antivirus Detection


According to a report by AT&T Alien Labs, multiple cybercriminals are using the Ezuri crypter to pack their malware and evade antivirus detection. Although Windows malware has long used similar tactics, cybercriminals are now using Ezuri to target Linux systems as well. Written in Golang, Ezuri acts as both a crypter and a loader for ELF (Linux) binaries. It encrypts the malware code with AES and, after decrypting it, executes the malicious payload directly in memory without writing any files to disk.

Systems engineer and Ezuri's author, Guilherme Thomazi Bonicontro ('guitmz'), open-sourced the ELF loader on GitHub in 2019 and introduced the tool in a blog post. In an email interview, Bonicontro, also known as TMZ, said that he is a malware researcher who builds research tools to raise awareness and help defenders.

“I'm an independent malware researcher, I do this as one of my leisure activities. The objective of my work is just to learn and bring awareness on assorted PoC assault and defense techniques, yet never bring on any harm. As a general guideline, I generally share samples of my ventures with antivirus organizations and I never discharge code with ruinous payload or anything with refined replication capabilities. I believe knowledge ought to be available to everybody and every individual ought to be answerable for their own activities to rest soundly at night,” said Bonicontro. 

Researchers Ofer Caspi and Fernando Martinez of AT&T Alien Labs noted that after decrypting the AES-encrypted payload, Ezuri immediately passes the resulting code to the runFromMemory function as an argument, without dropping malware files anywhere on the infected system. Over the last few months, Caspi and Martinez identified several malware authors that pack their samples with Ezuri. These include the cybercrime group TeamTnT, active since at least April 2020.

TeamTnT is known to attack misconfigured Docker instances and exposed APIs to turn vulnerable systems into DDoS bots and cryptominers. Later variants of TeamTnT's malware, such as "Black-T", which installs network scanners on infected systems and extracts AWS credentials from memory, were also found to be packed with Ezuri. According to the AT&T researchers, "the last Black-T sample distinguished by Palo Alto Networks Unit42 is really an Ezuri loader." The researchers also noted the presence of the 'ezuri' string in numerous Ezuri-packed binaries.

Malware samples that were typically detected by about 50% of antivirus engines on VirusTotal yielded zero detections when packed with Ezuri, at the time of AT&T's research. Even today, the Ezuri-packed sample has a detection rate of less than 5% on VirusTotal.