Slashdot Mirror


Investor Sues AT&T Over Two-Factor Security Flaws, $23 Million Cryptocurrency Theft (fastcompany.com)

An anonymous reader quotes a report from Fast Company: Crypto investor Michael Terpin filed a $224 million lawsuit against AT&T in California federal court Wednesday alleging that the phone company's negligence let hackers steal nearly $24 million in cryptocurrency from him, Reuters reports. He's also seeking punitive damages. Terpin says hackers were twice able to convince AT&T to connect his phone number to a SIM card they controlled, routing his calls and messages to them and enabling them to defeat two-factor authentication protections on his accounts. In one case, he says hackers also took control of his Skype account and convinced one of his clients to send money to them rather than Terpin. The second hack came even after AT&T agreed to put an additional passcode on his account, when a fraudster visited an AT&T store in Connecticut and managed to hijack Terpin's account without providing the code or a "scannable ID" as AT&T requires, he says.

5 of 120 comments

  1. That actually seems like a legit case by Anonymous Coward · Score: 4, Interesting

    He might win and in the process force ATT to stop sucking at security. That would be a win for everybody.

  2. Moral of the story: by Gravis Zero · Score: 4, Insightful

    When your security matters, telecoms should not be trusted.

    --
    Anons need not reply. Questions end with a question mark.
  3. Re:He doesn't have a snowball's chance in hell by The MAZZTer · Score: 4, Insightful

    Did you read the summary? AT&T happily rerouted his text messages, including security codes for use in two-factor authentication, to thieves who stole his cryptocurrency.

    You can say "oh SMS two factor isn't secure" all you want, and there ARE ways it's insecure, but none of those ways mattered here because AT&T turned over the phone number to an unauthorized party!

  4. Re:Oh no! by KiloByte · Score: 4, Insightful

    It doesn't matter what got stolen. These could be collector's bottle caps just the same. Both of these have a monetary value that's unrelated to any intrinsic virtue such an item would have but to what the market pays. If that kind of old bottle caps is typically sold on collectors' auctions for X quatloos, the judge will assume a value somewhere around X. Bitcoin is just easier to appraise than most items.

    The guy requested multiple additional means of protection, which AT&T agreed to implement. It's not the plaintiff who got repeatedly phished, it was AT&T.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  5. Re:Oh no, lost monopoly money by maglor_83 · Score: 4, Insightful

    If I secure my $100M gold stash in a storage locker protected by a $40 Masterlock padlock, do I get to sue Masterlock for $100M when the thieves use a bolt cutter to remove the lock and take my gold?

    No, but if the thieves asked Masterlock to open it and they did, you'd have a much better case.