Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Crack Part of a Phishing Operation

Posted by ryuzaki0 on from the crafty-crackers dept.

JohnGrahamCumming writes "According to a story in the San Francisco Chronicle the AT&T store crack was the prelude to a very sophisticated phishing operation. The phishers were aiming to use the information from the store to fool existing customers into divulging SSNs and other personal information." From the article: "'The information that was provided by customers who ordered DSL-related equipment included name, address, e-mail address, phone number, credit card number and credit card expiration,' the memo says, adding that the hacked data didn't include Social Security numbers or birth dates. But the hackers had a scheme to get this extra info. After accessing the customer data, they incorporated it into phishing messages that were promptly sent to AT&T's DSL customers ... Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number. "

4 of 96 comments (clear)

  1. Privacy violations rampant by mabu · · Score: 5, Insightful

    This is just one of many, many issues of privacy violations that have happened in the last year. And the feds seem mainly interested in letting states regulate and report on security breaches. So far only a few states have legislation to notify consumers of database compromises, which is a shame. The sad part is many people may have had their information stolen and they will never know until the information has been exploited, all the while the corporations have been aware of this for a long time and choose not to reveal the violations in fear of a negative PR.

    1. Re:Privacy violations rampant by Gill+Bates · · Score: 5, Funny

      I have to say that I would never give any info to anyone who called me uncolicitated.

      I would never call you uncolicitated. Now, can I have your information?

  2. Affected Customer by macaulay805 · · Score: 5, Informative

    This is bad, I believe I am an affected customer. This morning I had random charges on the credit card that I used to pay my AT&T bill with. Although it is a little relief that the report says that they did not take any social security numbers (which I do not believe I gave it to them anyways), I hope there is something I can do to keep myself proactive in protecting my identity. Anyone have any suggestions (other can canceling my CC#, which has already happened)?

    Also, for anyone else, follow in my footsteps: DO NOT GIVE THE PHONE CALLERS ANY PERSONAL INFORMATION. PERIOD. If there is an issue, call your bank number personally on a known verified phone number and have the clerk verify ALL NAMES AND NUMBERS AND REASONS. (I've gotten calls already with people asking for my account information this morning as well from unverified numbers. Its happening).

  3. SSN is needed for credit checking by vinn01 · · Score: 5, Informative

    An SSN number is needed for a credit check. Therefore any company, like AT&T, that does end-of-the month billing will run a credit check on all of their customers. From their perspective they are giving one month of credit every month.

    The solution is to ban the use of SSN for credit files. Use a number that the consumer controls.

    Also, let customers pre-pay monthly. I know how much my monthly cell phone billing is going to be, let me pre-pay and avoid the forced use of credit (which gets reported to the credit agencies).