Share

Related Links

  • AT
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Two men charged in AT&T iPad account hacking case
    Prosecutors have filed charges against two men for hacking into AT&T’s website and stealing email addresses and other personal information of 120,000 iPad users.
  • AT&T may have leaked customer data in iPhone 4 sales frenzy
    Tuesday was, of course, pre-order day for iPhone 4 in the US and many other parts of the world, when anxious would-be buyers could order their new iPhone handset for fulfillment later this month. But reports are emerging that the sheer volume of orders may have caused AT&T's ordering servers to overload and inadvertently leak customer data.
  • AT&T hit by another data breach
    Within days of researchers from Goatse Security finding a flaw in AT&T's website that exposed the e-mail addresses of over 100 000 iPad users, AT&T account information is being leaked.
  • AT&T cooperating in iPad data theft investigation
    AT&T says it will cooperate with an FBI investigation of a group known as Goatse Security for allegedly stealing more than 100 000 email addresses of Apple iPad users from its corporate servers.
  • AT&T sues Goatse for stealing iPad customers' data
    US carrier AT&T plans to prosecute a group known as Goatse Security for stealing more than 100 000 email addresses of Apple iPad users from its corporate servers.

Top 5 Stories

News

AT&T blocks organized hacking attempt on one million subscribers

22 November 2011

AT&T has revealed that hackers attempted to gain access to the online accounts of around a million of its mobile customers, although none of the accounts were successfully accessed as part of the "organized attempt".

The Dallas-headquartered communications giant says that hackers used a number of automated programs to try to text string-link mobile numbers and account login credentials, which they then hoped to use to access customer accounts via the main AT&T web portal.

AT&T says it sent an advisory email to the customers whose accounts the hackers attempted to gain access to using the scripted attacks.

"We recently detected an organized and systematic attempt to obtain information on a number of AT&T customer accounts, including yours", AT&T apparently said in its email, details of which were reported on the Bloomberg newswire.

"We do not believe that the perpetrators of this attack obtained access to your online account or any of the information contained in that account."

The CNet newswire, meanwhile, quoted an AT&T spokesperson as saying the company “recently detected what could have been an organized attempt to obtain information on a number of customer accounts".

"The people in question appear to have used autoscript technology to determine whether AT&T telephone numbers were linked to online AT&T accounts", the spokesperson told the newswire in a prepared statement.

"Our investigation is ongoing to determine the source or intent of the attempt to gather this information", said the statement. "In the meantime, out of an abundance of caution, we are advising the account holders involved."

Infosecurity notes that this isn’t the first time that AT&T’s mobile customers have been attacked – last year the email and allied details of around 114,000 early-adopter iPad customers of the telecoms giant were revealed after a flaw in the AT&T website was exploited.

Reports of the time said that hackers were able to retrieve email addresses and other data of iPad 3G subscribers because of a flaw in the site that automatically filled in the email address based on the integrated circuit card identifier (ICC-ID) in the iPad's SIM card.

Infosecurity understands that the hackers created a script – 'iPad 3G Account Slurper’ – that sent HTTP requests to the AT&T site with random ICC-IDs and then logged the resultant e-mail addresses.

Although AT&T is not saying anything about the hacker methodology during this latest attack, the two attacks may be linked, although the two men allegedly behind last year's attack were charged in January of this year.

This article is featured in:
Data Loss  •  Internet and Network Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×