Related Links

  • AT
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


AT&T blocks organized hacking attempt on one million subscribers

22 November 2011

AT&T has revealed that hackers attempted to gain access to the online accounts of around a million of its mobile customers, although none of the accounts were successfully accessed as part of the "organized attempt".

The Dallas-headquartered communications giant says that hackers used a number of automated programs to try to text string-link mobile numbers and account login credentials, which they then hoped to use to access customer accounts via the main AT&T web portal.

AT&T says it sent an advisory email to the customers whose accounts the hackers attempted to gain access to using the scripted attacks.

"We recently detected an organized and systematic attempt to obtain information on a number of AT&T customer accounts, including yours", AT&T apparently said in its email, details of which were reported on the Bloomberg newswire.

"We do not believe that the perpetrators of this attack obtained access to your online account or any of the information contained in that account."

The CNet newswire, meanwhile, quoted an AT&T spokesperson as saying the company “recently detected what could have been an organized attempt to obtain information on a number of customer accounts".

"The people in question appear to have used autoscript technology to determine whether AT&T telephone numbers were linked to online AT&T accounts", the spokesperson told the newswire in a prepared statement.

"Our investigation is ongoing to determine the source or intent of the attempt to gather this information", said the statement. "In the meantime, out of an abundance of caution, we are advising the account holders involved."

Infosecurity notes that this isn’t the first time that AT&T’s mobile customers have been attacked – last year the email and allied details of around 114,000 early-adopter iPad customers of the telecoms giant were revealed after a flaw in the AT&T website was exploited.

Reports of the time said that hackers were able to retrieve email addresses and other data of iPad 3G subscribers because of a flaw in the site that automatically filled in the email address based on the integrated circuit card identifier (ICC-ID) in the iPad's SIM card.

Infosecurity understands that the hackers created a script – 'iPad 3G Account Slurper’ – that sent HTTP requests to the AT&T site with random ICC-IDs and then logged the resultant e-mail addresses.

Although AT&T is not saying anything about the hacker methodology during this latest attack, the two attacks may be linked, although the two men allegedly behind last year's attack were charged in January of this year.

This article is featured in:
Data Loss  •  Internet and Network Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×