Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label AT&T. Show all posts
Verizon
AT&T Cyber Security Lawsuit Telecom Verizon

AT&T Wins Legal Challenge While Verizon Faces Privacy Penalties

 

Major U.S. wireless carriers have faced contrasting legal outcomes in their battles against Federal Communications Commission fines for selling customer location data without consent, creating an uncertain landscape for consumer privacy protection .

Background on data selling practices

In 2018, investigations revealed that major telecommunications providers were selling customers' real-time location data to third-party brokers without proper notification or consent. This practice involved carriers selling access to sensitive geolocation information to aggregators, who then resold the data to other companies, creating a gray market for cell phone location data. The exposed data allowed buyers, including law enforcement and bounty hunters, to track individuals' movements without their knowledge.

FCC enforcement actions 

The Federal Communications Commission responded in April 2024 by imposing nearly $200 million in total fines across the industry. AT&T received a $57 million penalty, Verizon faced a $46.9 million fine, T-Mobile was fined over $80 million, and Sprint received more than $12 million . The FCC determined that carriers violated Section 222 of the Communications Act, which requires maintaining customer information confidentiality and obtaining express consent before sharing location data.

Court battle results

All three major carriers challenged their fines in different federal appeals courts, producing divergent outcomes . The Second Circuit Court of Appeals upheld Verizon's $46.9 million fine, rejecting the company's argument that device location data doesn't qualify as protected "customer proprietary network information". The court ruled that location data clearly meets the law's criteria for protection since it's accessible to carriers exclusively due to the customer relationship.

Meanwhile, Verizon had attempted to shift responsibility by largely outsourcing consent verification to third parties through contractual agreements, which the court found inadequate. The carrier's location data was improperly accessed by companies like Securus Technologies, which allowed law enforcement to obtain customer information without proper authorization.

AT&T's legal victory

In contrast to Verizon's defeat, AT&T successfully overturned its fine in a business-friendly appeals court, though specific details of this ruling were not elaborated in available sources. This creates a significant legal inconsistency regarding how telecommunications privacy violations are enforced across different jurisdictions.

The conflicting appellate court decisions may force Supreme Court intervention to resolve the legal uncertainty. This potential review could significantly limit the FCC's authority to penalize companies for privacy violations, potentially weakening federal oversight of telecommunications data practices.

Current settlement landscape

Despite the legal victories and defeats, AT&T simultaneously faces a separate $177 million class-action settlement related to two major data breaches in 2024. The company agreed to pay customers up to $7,500 each for documented losses from breaches that exposed Social Security numbers, addresses, passwords, and other sensitive information. 

This settlement demonstrates ongoing vulnerabilities in telecommunications data security beyond the location-selling controversies.The contrasting legal outcomes highlight the fragmented state of privacy protection enforcement, where identical violations can result in different consequences depending on which court reviews the case.
Read more »
Verizon
AT&T FCC Location data Privacy Verizon

Court Upholds $46.9 Million Penalty Against Verizon for Sharing Location Data

 



A U.S. federal appeals court has ruled that Verizon must pay a $46.9 million penalty for unlawfully selling customers’ real-time location information. The decision closes the door on Verizon’s argument that its practices were legal, reinforcing the Federal Communications Commission’s authority to regulate privacy in the wireless industry.


Why the Fine Was Issued


In April 2024, the Federal Communications Commission (FCC) announced nearly $200 million in fines against several major mobile carriers for giving outside companies access to sensitive location data. These firms then passed the information to other parties, including bail-bond services and bounty hunters. According to regulators, this exposed consumers to significant risks and demonstrated a failure by carriers to adopt basic safeguards, even after repeated warnings. Verizon’s share of the fines was $46.9 million, which it sought to challenge in court.


Verizon’s Legal Challenge

The company argued before the U.S. Court of Appeals for the Second Circuit that device-location records should not fall under the category of “customer proprietary network information” protected by Section 222 of the Communications Act. This provision requires carriers to keep certain customer data private. Verizon claimed that location details were not covered by this rule and that the FCC had exceeded its powers by penalizing them.

The judges disagreed. They ruled that location data is precisely the kind of personal information Congress intended to protect, and that the FCC acted well within its legal authority. The court also found no violation of Verizon’s constitutional rights, firmly upholding the fine.


Other Rulings in Similar Cases

This ruling is not an isolated one. Earlier, another appeals court upheld a $92 million fine against T-Mobile for comparable violations, rejecting the carrier’s claim that selling location data was lawful. However, in a separate case, AT&T succeeded in overturning a $57 million penalty after a different appeals court raised concerns over how the FCC imposed the fine. These mixed outcomes illustrate the unsettled but intensifying debate over corporate rights, regulatory authority, and consumer privacy.


Implications for Consumers and the Industry

Privacy advocates have welcomed the latest decision, arguing that it sends a clear message: carriers cannot profit from sharing location information without explicit user consent. Experts warn that without strict oversight, telecom companies could continue searching for loopholes to monetize sensitive customer data.

For the FCC, the ruling strengthens its hand in future enforcement actions, confirming that it can hold carriers accountable when they put consumers at risk. Verizon, however, has indicated that it may continue to fight the ruling, setting the stage for further legal battles.

The decision cements a broader shift toward tougher privacy protections in the United States. It is expected to shape industry practices, influence how telecom companies manage data, and push lawmakers to advance stronger nationwide privacy rules.



Read more »
pins
AT&T Data Breach Passwords pins

AT&T Customers at Risk Again After New Data Leak

 




AT&T customers are once more facing serious security concerns following reports of a fresh leak involving their personal information. This comes after the telecom company experienced multiple data breaches last year.


Previous Data Breaches Raised Alarms

In 2024, AT&T reported two major security incidents. The first breach, which took place in March, affected over 70 million people. Sensitive details like social security numbers, home addresses, phone numbers, and birth dates were stolen and later found for sale on the dark web.

Just a month later, another breach occurred. Hackers reportedly gained access to AT&T’s Snowflake cloud platform, which allowed them to collect call and text records from a large number of AT&T users. Some sources later claimed that AT&T paid the hackers a ransom of approximately $370,000 to prevent the data from being exposed, but this detail remains unconfirmed.

These incidents increased the risk of identity theft, scams, and phishing attempts targeting AT&T customers. The company later provided those affected with a free one-year subscription to identity protection services.


New Customer Data Surfaces Online

Recently, another batch of customer data—belonging to around 86 million people—has appeared on the dark web. The leaked information includes names, birth dates, phone numbers, email addresses, home addresses, and social security numbers, raising fresh concerns about fraud and misuse.

AT&T responded by saying that the data seems to be from the earlier breach in March 2024 and is likely being recirculated by cybercriminals looking to make money. According to the company, their teams are fully investigating this recent exposure and law enforcement has been notified.


Why Customers Should Stay Alert

Data breaches have been rising sharply in the United States. A report by the Identity Theft Resource Center shows that over 1 billion people were affected by data leaks in just the first half of 2024—a massive increase compared to the previous year.

Even if this recent leak involves old data, the danger is still real. Hackers can combine stolen information to create fake identities, apply for loans, open accounts, or carry out other fraudulent activities.


Steps to Protect Yourself

AT&T customers and anyone affected by data breaches should take these precautions:

1. Change passwords and PINs immediately, especially for bank accounts and financial services.

2. Avoid reusing old passwords and set strong, unique ones for each account.

3. Enable two-factor authentication for extra security where possible.

4. Monitor bank and credit accounts closely for any unusual or suspicious activity.

5. Place a fraud alert on your credit file to warn lenders of potential identity theft. This is free and stays active for one year, with options to renew.

6. Consider freezing your credit report to prevent new accounts from being opened in your name.


It’s essential for all consumers to remain careful and take quick action to protect their personal information in today’s rising cyber threat landscape.

Read more »
Data Theft
AT&T cloud storage services CyberCrime cybercriminal arrests Data Breach Data Hackers data security Data Theft

Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies

 

Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies like AT&T and Ticketmaster, resulted in the exposure of hundreds of millions of sensitive records. 

Moucka, also known by online aliases such as “Waifu,” “Judische,” and “Ellyel8,” was arrested in Kitchener, Ontario, on October 30, 2024, at the request of U.S. authorities. Last Friday, he signed a written agreement before the Superior Court of Justice in Kitchener, consenting to his extradition without the standard 30-day waiting period. The 26-year-old faces 20 charges in the U.S., including conspiracy to commit computer fraud, unauthorized access to protected systems, wire fraud, and aggravated identity theft. Prosecutors allege that Moucka, along with co-conspirator John Binns, extorted over $2.5 million from victims by stealing and threatening to expose their sensitive information. 

The data breaches tied to this cybercrime operation have had widespread consequences. In May 2024, Ticketmaster’s parent company, Live Nation, confirmed that data from 560 million users had been compromised and put up for sale on hacking forums. Other companies affected include Santander Bank, Advance Auto Parts, and AT&T, among others. Moucka and Binns are believed to be linked to “The Com,” a cybercriminal network involved in various illicit activities, including cyber fraud, extortion, and violent crimes. 

Another alleged associate, Cameron Wagenius, a 21-year-old U.S. Army soldier, was arrested in December for attempting to sell stolen classified information to foreign intelligence agencies. Wagenius has since indicated his intent to plead guilty. U.S. prosecutors claim Moucka and his associates launched a series of cyberattacks on Snowflake customers, gaining unauthorized access to corporate environments and exfiltrating confidential data. 
These breaches, described as among the most extensive cyberattacks in recent history, compromised sensitive 
records from numerous enterprises. While the exact date of Moucka’s extradition remains undisclosed, his case underscores the growing threat of cyber extortion and the increasing international cooperation in tackling cybercrime. His legal representatives have not yet issued a statement regarding the extradition or upcoming trial proceedings.
Read more »
Privacy
API AT&T Credentials Google Cloud Privacy

Weak Cloud Credentials Behind Most Cyber Attacks: Google Cloud Report

 



A recent Google Cloud report has found a very troubling trend: nearly half of all cloud-related attacks in late 2024 were caused by weak or missing account credentials. This is seriously endangering businesses and giving attackers easy access to sensitive systems.


What the Report Found

The Threat Horizons Report, which was produced by Google's security experts, looked into cyberattacks on cloud accounts. The study found that the primary method of access was poor credential management, such as weak passwords or lack of multi-factor authentication (MFA). These weak spots comprised nearly 50% of all incidents Google Cloud analyzed.

Another factor was screwed up cloud services, which constituted more than a third of all attacks. The report further noted a frightening trend of attacks on the application programming interfaces (APIs) and even user interfaces, which were around 20% of the incidents. There is a need to point out several areas where cloud security seems to be left wanting.


How Weak Credentials Cause Big Problems

Weak credentials do not just unlock the doors for the attackers; it lets them bring widespread destruction. For instance, in April 2024, over 160 Snowflake accounts were breached due to the poor practices regarding passwords. Some of the high-profile companies impacted included AT&T, Advance Auto Parts, and Pure Storage and involved some massive data leakages.

Attackers are also finding accounts with lots of permissions — overprivileged service accounts. These simply make it even easier for hackers to step further into a network, bringing harm to often multiple systems within an organization's network. Google concluded that more than 60 percent of all later attacker actions, once inside, involve attempts to step laterally within systems.

The report warns that a single stolen password can trigger a chain reaction. Hackers can use it to take control of apps, access critical data, and even bypass security systems like MFA. This allows them to establish trust and carry out more sophisticated attacks, such as tricking employees with fake messages.


How Businesses Can Stay Safe

To prevent such attacks, organizations should focus on proper security practices. Google Cloud suggests using multi-factor authentication, limiting excessive permissions, and fixing misconfigurations in cloud systems. These steps will limit the damage caused by stolen credentials and prevent attackers from digging deeper.

This report is a reminder that weak passwords and poor security habits are not just small mistakes; they can lead to serious consequences for businesses everywhere.


Read more »
Protonmail
AT&T Cloud Services comcast credential harvesting Cyber Crime Protonmail

Cybercriminals Exploit Cloud Services to Steal Login Information

 


You may think you are receiving an email from your trusted ProtonMail account — only to discover it’s a trap set by cybercriminals. Recent research throws light on how attackers are targeting both widely known and lesser-used cloud platforms like AT&T, Comcast Xfinity, and Gravatar to deceive users into handing over their credentials.  

This growing trend is a testament to how cybercriminals evolve to exploit users’ trust in familiar brands and unsuspecting services, creating significant security risks for individuals and businesses alike.  


What Are Cloud Services, and Why Are They Targeted?

To understand these threats, it’s crucial to know what cloud services are. These platforms allow users to access tools and store data online, eliminating the need for physical hardware. Examples include ProtonMail, which provides secure email communication, and Gravatar, a service that manages user avatars across the web.  

Cybercriminals target these services due to their widespread adoption and the trust users place in them. Services like Gravatar, often overlooked in cybersecurity protocols, become particularly attractive to attackers as they can bypass many conventional defenses.  


How Attackers Exploit Cloud Platforms 

While telecom giants like AT&T and Comcast Xfinity are attacked for their reputation and vast user base, platforms like Gravatar are exploited due to their unique features. For instance, Gravatar’s “Profiles as a Service” functionality allows attackers to create convincing fake profiles, tricking users into revealing sensitive information.  

The methods attackers use often depend on two key factors:  

1. Familiarity: Trusted brands like AT&T and Comcast Xfinity are lucrative targets because users inherently trust their platforms.  

2. Low Visibility: Lesser-known platforms, such as Gravatar, often evade suspicion and security monitoring, making them easy prey.  


How Credential Theft Works  

Cybercriminals follow a systematic approach to harvest user credentials:  

1. Deceptive Emails: Victims receive phishing emails that mimic trusted platforms.  

2. Fake Websites: These emails direct users to fraudulent login pages resembling legitimate ones.  

3. Impersonation: Fake profiles and interfaces add credibility to the scam.  

4. Data Theft: Once users input their login details, attackers gain unauthorized access, leading to potential breaches.  


Telecom Companies Under Siege  

Telecommunications companies like AT&T, Comcast Xfinity, and regional Canadian ISPs, including Kojeko and Eastlink, are particularly vulnerable. These companies manage vast amounts of sensitive user data, making them high-value targets. A successful breach could enable hackers to exploit customer data on a massive scale, creating widespread consequences.  


How to Protect Yourself from These Attacks  

To stay secure against credential theft attempts, follow these precautions:  

  1. Verify Websites: Always confirm the authenticity of a URL before entering personal information.  
  2. Scrutinize Emails: Be cautious of unsolicited emails, especially those requesting sensitive data.  
  3. Strengthen Passwords: Use complex, unique passwords for every account.  
  4. Two-Factor Authentication (2FA): This adds an extra security layer, making it harder for attackers to succeed.  
  5. Stay Updated: Regularly educate yourself on emerging cybersecurity threats.  


Conclusion: Awareness is Key to Cybersecurity

Credential theft campaigns have become more intricate in their execution, targeting both renowned and overlooked platforms. By understanding the tactics used by attackers and adopting proactive security measures, individuals and businesses can safeguard themselves from these evolving threats.  

For an in-depth look at this issue and additional insights, refer to the SlashNext report.


Read more »
Salt Typhoon
AT&T Customer Data Cyber Attacks Salt Typhoon

AT&T Confirms Cyberattack Amid Salt Typhoon Hacking Incident

 

AT&T has confirmed being targeted in the Salt Typhoon hacking attack, a cyber operation suspected to involve China. Despite the attack, the telecommunications giant assured customers that its networks remain secure.

In a statement, AT&T revealed that hackers aimed to access information related to foreign intelligence subjects. The company clarified, “We detect no activity by nation-state actors in our networks at this time.” It further added that only a limited number of individuals’ data had been compromised. Affected individuals were promptly notified, and AT&T cooperated with law enforcement to address the breach.

Investigation and Preventive Measures

To prevent future incidents, AT&T is collaborating with government agencies, other telecom companies, and cybersecurity experts. The company has intensified its monitoring efforts and implemented enhanced measures to safeguard customer data.

The Salt Typhoon attack is not an isolated event; it forms part of a broader wave of cyberattacks targeting major telecom companies. Reports suggest that hackers may have accessed systems used by federal agencies to process lawful wiretapping requests. These systems play a critical role in law enforcement operations, making their compromise particularly alarming.

In October, similar breaches were reported by other telecom providers. Verizon Communications disclosed suspicious activity, and T-Mobile revealed it had thwarted an attempted breach before customer data could be accessed.

White House Deputy National Security Advisor Anne Neuberger stated that nine telecom companies had been targeted in the Salt Typhoon attack but refrained from naming all the affected firms.

China, in response, denied any involvement in the attacks, asserting that it opposes state-sponsored cyber activities.

Lessons for Cybersecurity

The Salt Typhoon attack underscores the critical need for robust cybersecurity practices in the telecom industry. AT&T’s prompt response highlights the importance of transparency and collaboration in addressing cyber threats. This incident serves as a reminder for organizations to invest in stronger protective measures, especially as digital systems become increasingly integral to global operations.

While no system is entirely immune to cyber threats, preparedness and swift action can significantly mitigate potential damage.

Read more »
Verizon
AT&T Chinese Hackers Cybbercrime Cyber Attacks Cyberhackers Cyberthreatm Salt Typhoon Hacks FBI Verizon

Salt Typhoon Hack: A Grave Threat to U.S. Telecommunications

 


The Chinese state-sponsored hacking group Salt Typhoon has been implicated in one of the most severe breaches in U.S. telecommunications history. Sensitive information, including call logs, timestamps, phone numbers, and location data, was compromised across the networks of at least eight major telecom carriers, including AT&T and Verizon. Despite the scale of the intrusion, many affected consumers remain uninformed about the breach.

Scope and Impact of the Breach

According to reports, Salt Typhoon’s hacking campaign has targeted high-value intelligence figures, including presidential candidates Donald Trump and Kamala Harris, as well as Senator Chuck Schumer's office. The FBI estimates that millions of users’ metadata, particularly in the Washington, D.C., area, were accessed. Yet, most affected individuals have not been notified, raising serious privacy concerns.

AT&T and Verizon, the most severely impacted companies, have faced backlash for their limited response to the breach. Privacy groups have criticized the telecom giants for failing to comply with the Federal Communications Commission (FCC) mandate requiring companies to inform customers of breaches that could cause significant harm, such as identity theft or financial loss.

Telecom Industry’s Response

While high-value targets were promptly alerted, the majority of users whose data was compromised were not informed. In an interview with NBC, Alan Butler, executive director of the Electronic Privacy Information Center, condemned the carriers’ "deficient practices." He emphasized the need for transparency, urging companies to notify all affected customers, regardless of whether their metadata or the actual content of their communications was accessed.

Charter Communications, a midsize internet service provider, has taken a relatively open approach, acknowledging infiltration by Salt Typhoon. According to Chief Security Officer Jeff Simon, access by the hackers has since been cut off, and no customer information was reportedly accessed. In contrast, other companies like Lumen, another internet service provider, have downplayed or refused to disclose the extent of the breach.

Ongoing Threats and Legislative Action

Cybersecurity experts warn that Salt Typhoon continues to target U.S. telecom networks and IT infrastructure. Government agencies are closely monitoring the situation to mitigate further risks. Lawmakers are now considering stricter cybersecurity regulations to compel telecom companies to adopt robust practices and provide detailed breach notifications to consumers.

However, some companies targeted by Salt Typhoon claim the hackers did not gain substantial information. For example, Lumen stated that federal partners found no evidence of ongoing activity in its networks.

Consumer Awareness and Future Outlook

While telecom companies have yet to adequately address these breaches, consumers must stay informed about security risks by following news updates on data breaches. Public pressure is likely to drive industry-wide changes, prompting carriers like AT&T and Verizon to adopt comprehensive notification systems for all affected users.

The Salt Typhoon breach serves as a wake-up call for the telecommunications industry to prioritize data security. Enhanced transparency, stricter cybersecurity regulations, and informed decision-making will be crucial to safeguarding sensitive information in an increasingly digital world.

Read more »
Wireless Provider
AT&T Cyber Outage Cyber Security United States Wireless Provider

AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users

 

Some AT&T customers experienced a disruption in their wireless service earlier this week, which made it difficult for them to call 911 in an emergency. 

It was rectified in a few hours, with the company blaming a software fault, but it's only one of many issues the wireless provider has experienced in recent months, including outages and data breaches that have disrupted operations and left users in the dark.

Earlier this year in February, its network went down for 11 hours, preventing several of its clients in the United States from making calls, texting, or using the internet. AT&T stated that an initial investigation of the outage revealed that it might have been caused by an internal error rather than a cyberattack. 

A few weeks later, in March, a data dump containing private information for 73 million current and past customers was exposed onto the "dark web," raising security concerns. According to the company, the data was from 2019 or earlier and did not appear to include financial information or call history specifics. 

"It is unclear whether the data originated from AT&T or one of its vendors," the company stated at the time. Then, in June, another AT&T outage prevented some consumers from making phone calls between carriers. The issue was resolved within a few hours, but the firm did not disclose what triggered it.

Notably, this week's outage occurred just hours after the Federal Communications Commission announced a $950,000 settlement with AT&T to resolve an investigation into whether the company violated FCC rules by failing to deliver 911 calls and promptly notifying 911 call centres during a previous outage in August 2023. 

AT&T’s overflow 

Why does this keep occurring to AT&T? CNN spoke with a telecommunications expert who believes there are three main factors at play: software updates gone awry, numerous technological challenges, and congested networks in big cities. 

An outage map from Tuesday shows interruptions in New York, Charlotte, North Carolina, Houston, and Chicago. Alex Besen, founder and CEO of Besen Group, which analyses mobile phone carriers, believes it was a network overload issue. 

“To avoid any future outages, AT&T needs to increase the number of cell towers, implement advanced load-balancing techniques, use network optimization tools to manage traffic more effectively and prioritize services that can reduce congestion,” Besen stated.
Read more »
security measures
Account security AT&T Customer Data Cybersecurity measures Data Breach data security Data Theft security measures

AT&T Data Breach: Essential Steps for Victims to Protect Themselves

 

Telecom giant AT&T recently disclosed a massive data breach affecting nearly all of its approximately 110 million customers. If you were a customer between May 2022 and January 2023, there is a high chance your data, including call and text message records, was accessed through an illegal download from a third-party cloud platform. Customers should watch for contact from AT&T or check their accounts for notifications. First, change your password. 

Since your password is likely compromised, update it on both your AT&T account and any other accounts where it was used. While it’s inconvenient, using different passwords for each service is essential. Numerous tools can create secure, randomly generated passwords, and password managers can help you remember them. Also, activate two-factor authentication on your account and any other accounts using the same password. Combining two login methods enhances security. Given the nature of this leak, consider changing your cell phone number as well. Prepare for an increase in spam calls, but the bigger concern is potential scammers.

Be extra cautious about giving out personal details such as banking information or your address over the phone, as these could be cleverly disguised phishing schemes. Stay vigilant online, as even anonymous phone number information can be pieced together by scammers to identify individuals. Treat every email from unfamiliar addresses as suspicious. Additionally, inform your bank about the breach. They can monitor for any suspicious transactions and introduce new security measures to ensure you are contacting your bank, not an imposter.  

Lastly, protect yourself further by using one of the best VPNs to secure your online data. VPNs not only spoof your IP address location but also securely encrypt your data. There are even free VPN plans like ProtonVPN. Many VPNs also include antivirus elements. For instance, NordVPN has its Threat Protection Pro system, which is effective against phishing. A Surfshark One subscription includes dedicated antivirus software and an Alternative ID feature, which allows you to sign up for services online with randomly generated details, including a decoy phone number. With an Alternative ID, you can create accounts for less trustworthy services (or those frequently attacked, like AT&T) with peace of mind. 

This way, you can minimize spam and rest assured that if your details get leaked, you haven’t actually been compromised. Hackers will have nothing to piece together; you can simply disconnect that ID, generate another random identity, and move on securely.
Read more »
Social Security Number
AT&T Data Breach Data Hacking Mobile Numbers ShinyHunters Social Security Number

AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People

 


AT&T has categorically denied any involvement in a significant data breach affecting approximately 71 million individuals. The leaked data, disseminated by a hacker on a cybercrime forum, allegedly originates from a 2021 breach of the company's systems. Despite assertions made by the hacker, known as ShinyHunters, and subsequent releases by another threat actor named MajorNelson, AT&T maintains its position, asserting that the leaked information did not originate from its infrastructure.

While the authenticity of the entire dataset remains unconfirmed, the verification of some entries suggests potential accuracy. This includes personal data that is not readily accessible for scraping, such as names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal details.

Despite refuting claims of a breach within its systems, AT&T has not provided definitive evidence to support its stance. Speculation persists regarding the involvement of third-party service providers or vendors, with AT&T yet to respond to inquiries seeking clarification on this matter.

While the leaked data purportedly includes sensitive personal information, such as social security numbers and dates of birth, decryption efforts by threat actors have rendered this data accessible. However, the precise origin of the leaked information remains elusive, fueling speculation and concern among affected individuals and cybersecurity experts alike.

For individuals who were AT&T customers before and during 2021, caution is advised, as the leaked data could potentially be exploited in various forms of targeted attacks, including SMS and email phishing, as well as SIM swapping schemes. Users are urged to exercise heightened caution and verify the authenticity of any communications purportedly from AT&T, refraining from disclosing sensitive information without direct confirmation from the company.

As investigations into the origins of the leaked data continue, the implications for affected individuals underscore the importance of robust cybersecurity measures and heightened awareness of potential threats. The incident serves as a telling marker of the ever-present risks associated with the digital realm and the imperative for proactive measures to safeguard personal information.

While AT&T denies any involvement in the data leak, concerns regarding the security and privacy of affected individuals persist. The unprecedented nature of cyber threats necessitates ongoing vigilance and collaborative efforts to combat risks and ensure the protection of personal data in an increasingly interconnected world.


Read more »
Verizon
911 service AT&T Consumer Cellular customer complaints Cyber Security Downdetector FBI mobile phone Outage service interruptions T-Mobile USCellular Verizon

Cell Service Restored Following Extensive AT&T Outage

 

AT&T has resolved issues affecting its mobile phone customers following widespread outages on Thursday, according to a company announcement.Throughout the day, tens of thousands of cell phone users across the United States reported disruptions.

Reports on Downdetector.com, a platform monitoring outages, indicated instances of no service or signal after 04:00 EST (09:00 GMT).

AT&T issued an apology to its customers and confirmed that services were fully operational again by early afternoon. The company stated its commitment to taking preventive measures to avoid similar incidents in the future. The cause of the outage is currently being investigated.

Verizon and T-Mobile informed the BBC that their networks were functioning normally. However, they acknowledged that some customers may have experienced service issues while attempting to communicate with users on different networks.

According to Downdetector, AT&T received over 74,000 customer complaints, with significant clusters in southern and eastern regions of the country.

Smaller carriers like Cricket Wireless, UScellular, and Consumer Cellular also reported interruptions in service. Complaints ranged from difficulties with calls, texts, to internet access, with many users reporting no service or signal.

Downdetector's data showed that major cities including Los Angeles, Chicago, Houston, and Atlanta experienced high numbers of outages.

Some individuals also faced challenges with 911 services, prompting officials to advise the use of landlines, social media, or cell phones from alternative carriers in emergencies.

The widespread outage has garnered the attention of the US government, with the FBI and Department of Homeland Security launching investigations, as confirmed by John Kirby, spokesperson for the US National Security Council.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that they are collaborating with AT&T to understand the root cause of the outage and are ready to provide assistance as necessary.

Although a confidential memo reported by ABC News suggested no signs of malicious activity, CISA officials are actively investigating the incident.
Read more »
online currency
AT&T cryptocurrency cyber attack Cyber Attacks online currency

Hackers are Breaking Into AT&T to Steal Cryptocurrency

In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these outlook login keys”. 

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the internal systems of the company. “There was no intrusion into any system for this exploit. The bad actors used an API access.”
Read more »
Vulnerabilities
AT&T CPNI Cyberattack CyberCrime Data Breach Federal Communications Commission Vulnerabilities

AT&T Alerts Millions About Data Breach That Exposed Sensitive Information

 


An internal supply chain cyber-incident that occurred in AT&T's supply chain revealed some sensitive information belonging to tens of millions of the company's customers, exposing them to some serious vulnerabilities in their systems. 

A hacking incident did occur in January 2023 against AT&T's marketing vendor, resulting in a data breach of AT&T's system.  

Approximately 9 million clients of the company have been given a precautionary warning after unauthorized access to their personal information was discovered.  

According to the company, in addition to the first names of buyers, the company also uncovered wireless account numbers and smartphone numbers, as well as e-mail addresses. 

There have been specific instances where a small number of impacted clients have had their prices, late fees, monthly fee amounts, fluctuating monthly expenses, and/or minutes used exposed. These have been the name of the price plan, late amount, or late charges. Moreover, AT&T acknowledged that the data was a few years old and was not updated regularly. 

The representative of the company confirmed that the supply chain was at risk and that its methods would not be compromised. Additionally, the company mentioned that the collected information is frequently linked to eligibility for improvements to devices. Although there is no way to prevent it, the company notified the police immediately about the incident that happened. 

AT&T, in a report published on Wednesday, said that there was no information in the breach that involved payment details, account passwords, Social Security numbers, or any other information relating to an individual. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility it said, characterizing the data as years old.  

The mobile carrier notified affected customers, it said. According to a notification posted on the AT&T Community forum.   The company informed its customers that they had notified federal law enforcement about unauthorized access to their CPNI as required by the Federal Communications Commission. 

The company's report to law enforcement does not contain specific information about their account, only that unauthorized access occurred.
Read more »
User Security
AT&T Data Breach Data Leak Shiny Hunters User Data User Privacy User Security

Database of 70 Million AT&T Users Being Sold on a Hacker Forum

 

The same threat actor is selling 70 million AT&T customers' records just days after the T-Mobile data leak. The data leak claim was refuted by the mobile service provider, who stated that the data did not emanate from any of their systems. ShinyHunters, the same threat actors that just days ago sold T-Mobile subscribers' data, is now selling 70 million records reportedly belonging to another mobile service provider – AT&T. AT&T consumers' full names, social security numbers, email addresses, and dates of birth are among the data for sale. 

ShinyHunters is a well-known organisation that has been linked to a number of high-profile data breaches. Mashable, 123RF, Minted, Couchsurfing, Animal Jam, and other companies have been targeted, according to HackRead. 

The revelation was first reported by Restore Privacy. According to them, the hacker is seeking $1 million for the full database (direct sell) and has given them exclusive information for this report.

"In the original post that we discovered on a hacker forum, the user posted a small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits," said Restore Privacy. "While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid." 

AT&T denied that the data had been leaked, claiming that it was either forged or obtained through other sources. “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems,” MarketWatch quoted the cell phone carrier. 

 AT&T has previously experienced a data breach. For an insider breach in 2015, the company agreed to pay a $25 million fine. In fact, a threat actor was looking to hire a T-Mobile and/or AT&T employee in May, presumably to assist them in staging an insider attack on their employer. 

T-Mobile was notified late last week about accusations in an online forum that a threat actor had compromised T-Mobile systems. The company announced that it had discovered and shut down the access point that might have been utilised to obtain unauthorised access to the company's servers.
Read more »
malware
AT&T Cyber Crime Ezuri Linux malware

Ezuri Crypter Being Used to Evade Antivirus Detection

 

As per a report delivered by AT&T Alien Labs, various cyber criminals are utilizing Ezuri crypter to pack their malware and dodge antivirus detection. Although Windows malware has been known to deploy similar tactics, cybercriminals are currently utilizing Ezuri for penetrating Linux systems too. Written in Golang, Ezuri acts both as a crypter and loader for ELF (Linux) binaries. Utilizing AES, it encrypts the malware code and, on decoding, executes the noxious payload directly inside memory without producing any records on the disk. 

Systems engineer and Ezuri's maker, Guilherme Thomazi Bonicontro ('guitmz'), had open-sourced the ELF loader on GitHub in 2019 and debuted the tool in his blog entry. In an email interview with, Bonicontro otherwise known as TMZ shared that he is a malware researcher and makes research apparatuses for spreading awareness and aiding defenders. 

“I'm an independent malware researcher, I do this as one of my leisure activities. The objective of my work is just to learn and bring awareness on assorted PoC assault and defense techniques, yet never bring on any harm. As a general guideline, I generally share samples of my ventures with antivirus organizations and I never discharge code with ruinous payload or anything with refined replication capabilities. I believe knowledge ought to be available to everybody and every individual ought to be answerable for their own activities to rest soundly at night,” said Bonicontro. 

Researchers Ofer Caspi and Fernando Martinez of AT&T Alien Labs noted in the wake of decrypting the AES-encrypted payload, Ezuri quickly passes the subsequent code to the runFromMemory work as a contention without dropping malware files anyplace on the tainted system. During the last few months, Caspi and Martinez distinguished a few malware creators that pack their samples with Ezuri. These incorporate the cybercrime group, TeamTnT, active since at least April 2020. 

TeamTnT is known to assault misconfigured Docker instances and exposed APIs to transform weak systems into DDoS bots and crypto miners. Later variations of TeamTnT's malware, for example, "Black-T" that install network scanners on tainted systems and extract AWS credentials from memory were likewise discovered to be bound with Ezuri. As indicated by the AT&T researchers, "the last Black-T sample distinguished by Palo Alto Networks Unit42 is really an Ezuri loader." The researchers additionally saw the presence of the 'ezuri' string in numerous Ezuri-packed binaries. 

Malware samples which were commonly distinguished by about 50% of antivirus engines on VirusTotal, yielded 0 detections when encoded with Ezuri, at the time of AT&T's research. Even today, the Ezuri-stuffed sample has less than a 5% detection rate on VirusTotal.
Read more »
Subscribe to: Posts (Atom)