What simply occurred? Many AT&T prospects lately obtained an e mail stating that hackers had accessed their Customer Proprietary Network Information (CPNI). Classic phishing vocabulary, however the alert just isn’t a rip-off. Users ought to take steps to safe their AT&T accounts, together with strengthening passwords and submitting CPNI restriction requests.
Telecommunications supplier AT&T lately alerted prospects {that a} cyber assault uncovered some info on their accounts. No bank card knowledge, Social Security numbers, passwords or dates of start have been leaked, however the hackers uncovered some particulars about customers’ telephone plans.
Information in danger included the client’s identify, e mail handle, account line quantity, machine sort, machine improve eligibility, price plan identify, overdue quantity, month-to-month cost quantity, and minutes used. The bug affected about 9 million accounts, the corporate informed Bleeping Computer.
Hackers focused an AT&T advertising provider within the January assault, not the corporate itself. The vendor didn’t identify the seller however mentioned the attackers exploited a safety gap within the vendor, which has since been patched. The firm additionally contacted federal regulation enforcement as required by regulation, assuring prospects that it doesn’t share private account info with authorities.
Affected prospects ought to allow extra password safety, corresponding to logging in with a PIN. The PIN will defend the person’s account from unhealthy actors calling AT&T and impersonating them with private info they’ve obtained. Customers also can request CPNI restrictions, which restrict however don’t stop firms from advertising different merchandise to customers.
Rival supplier T-Mobile suffered a extra severe assault in January. The breach affected 37 million prospects, who uncovered names, billing addresses, e mail addresses, telephone numbers, dates of start, account numbers, and repair plan info. However, no Social Security numbers or passwords have been disclosed.
The firm speculates that the attackers started utilizing the API to entry knowledge from November final 12 months till the corporate detected it on January 5 and stopped their operations. Another breach final summer time affected 77 million T-Mobile prospects, after which the corporate settled a $350 million class motion lawsuit.
The final main cybersecurity incident involving AT&T occurred in August 2021, when infamous risk actor ShinyHunters allegedly tried to promote the private info of 70 million prospects. The telecom large denies that the information cache got here from its system, however ShinyHunters stands by its authenticity and is providing the database for $200,000. As with the January hack, the data possible got here from one of many firm’s companions.
