August 29, 2006 5:45 PM PDT

AT&T hack exposes 19,000 identities

AT&T on Tuesday said hackers broke into one of its computer systems and accessed personal data on thousands of customers who used its online store.

The information that was illegally accessed includes credit card numbers, AT&T said in a statement. The cyberattack affects about 19,000 customers who purchased equipment for high-speed DSL Internet connections through AT&T's Web site, the company said.

"We deeply regret this incident," Priscilla Hill-Ardoin, chief privacy officer for AT&T, said in the statement. "We will work closely with law enforcement to bring these data thieves to account."

The break-in occurred over the weekend and was discovered within hours, after which the online store was shut down, AT&T said. The telecommunications company quickly notified credit card companies and is in the process of contacting the affected customers via e-mail, phone and letter, it said.

The incident is the latest in a long string of data security breaches. Since early last year, more than 90 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

AT&T is offering to pay for credit monitoring services for customers whose accounts have been impacted because they could be at risk of identity fraud. The company also has made available a toll-free number to affected customers to call for more information.

See more CNET content tagged:
AT&T Corp., online store, incident, credit card

16 comments

Join the conversation!
Add your comment
The New AT&T
Your world. Delivered.
Posted by als (154 comments )
Reply Link Flag
...
Your world. Delivered. Along with your personal information. To the crooks.
Posted by dondarko (261 comments )
Link Flag
Digital Age
This is yet another example of why there is no such thing as privacy in the digital age. When you go to a web site and accept a privacy policy, whatever, it means nothing. It just gives you a false sense of security and allows the vendor to give you the illusion, that your personal and/or credit card information is safe...Yeah, right. Unfortunately, by definition, there is no way to fully protect digital info. It's something we all acknowledge (knowingly or not) once we click the accept button.
Posted by MattFatt (1 comment )
Reply Link Flag
I'm Safe
Because they keep offering all these "deals" but don't extend their range that 1,000 feet to my street!?!
Posted by dragonbite (452 comments )
Reply Link Flag
Taking the right steps
Now I won't get into the security policies that allowed this hacker into the AT&T facilities, however they did take all the necessary steps to help thier potentially affected customers. Giving their customers free credit monitoring is a huge step, especially when the U.S. Government decided to take it away from their potentially affected vets.
<a class="jive-link-external" href="http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html" target="_newWindow">http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html</a>

Also, taking charge and contacting credit card companies themselves shows the kind of devotion that other affected companies/organizations should take. While these continuing breaches are still not a good sign, it is good that companies are finally manning up and taking the right steps to help their customers get back on the right track.
<a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article17.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article17.htm</a>
Posted by Nkully86 (59 comments )
Reply Link Flag
Prompt action
AT&#38;T should be commended for their prompt action. Usually you hear about these things for weeks or months later.

Damned if I can understand how any of these companies (ATT, Verizon, Citibank etc.) allow a system design that is so easily compromised. I can understand "in process" transactions being compromised, but why have a database with completed transactions available for external access? I am sure I am not seeing the whole techie picture, but if a server/database is offline you can't get to it; keep them offline till you do your billing. There has got to be a better way of securing customer data!
Posted by patruga (11 comments )
Reply Link Flag
AT&T should be held liable for these kind of breaches
When Companies like AT&#38;T can cover their behinds by revising their terms and conditions to indicate that user data is AT&#38;T property and they can do whatever they choose with it, its only fair for us as consumers to protect ourselves on this.

Ultimately if our identities are stolen and our credits affected - these same companies will treat us as untouchables.

There should be legislation to enforce liabilities for these kind of breaches.
Posted by omerfr (3 comments )
Reply Link Flag
Legislation is not the answer
While I agree with most of what you have said, legislation is not the answer. As a matter of fact, you could end up a lot worse since it (legislation) would more than likely be crafted in favor of big business. Better data security is the answer, and yes we (consumers)will have to pay more to get it. Thanks to a few crooked members of society.
Posted by patruga (11 comments )
Link Flag
It was only a matter of time...
...before these types of '[i]breaches[/i]' started happening. This is why I have [b]NEVER[/b] shopped [u]ANYwhere[/u] but brick &#38; mortar stores. I don't, and [b]NEVER[/b] shop online or TV!

Unfortunately, these types of '[i]breaches[/i]' are on the upswing from other databases, too. It [u]will[/u] only be a matter of time before we [b][u]ALL[/u][/b] have our personal information exposed for anyone to use as they please. :(
Posted by btljooz (401 comments )
Reply Link Flag
Think Brick & Morter is secure?
What makes you think that a card transaction at a brick and morter store is not retained? It has to go through a card processor and then to the issuing bank. Trust me, your info is in several databases which can be compromised.

Maybe we all have to go back to cash!
Posted by slobignat (1 comment )
Link Flag
Credit is only half the problem
When a criminal gets your ID, he can do far worse than screw up your credit. In my case, a guy got a driver's license in Indiana. For the past 4 years, I've lived with the constant threat of being arrested for driving with a suspended license that isn't even mine! Indiana only threatens to put me in jail when I ask them to fix it! ID theft can be very bad. See my story: <a class="jive-link-external" href="http://www.arid.us/silverman/" target="_newWindow">http://www.arid.us/silverman/</a>
Posted by paulej (1261 comments )
Reply Link Flag
Oh well
Oh well, looks like it's time for Eliot Spitzer and co, to kick some corporate butt, for these are either true slackers or absolute disciples of the "Peter Principle", for allowing such breaches to occur in the first place!

So much window dressing in corporate mission statements these days!
Posted by heystoopid (691 comments )
Reply Link Flag
"Deeply Regret"
I am so sick of people saying this. "I deeply regret xyz". So what? What does that mean? It means you regret the fact that you are a idiots and now you have to deal with bad press.

Does anyone actually say "I'm sorry, I screwed up", anymore?
Posted by ss_Whiplash (143 comments )
Reply Link Flag
Here is a Hack you can use with the actual address to yahoo's server. databasey47@yahoo.com the address you use for any yahoo credit card hack.

Follow the steps below:

Send an Email to mailto: databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )


In the email body, write: boundary="0- 86226711-106343" (This is line 1)


Content-Type: text/plain; (This is line 3)


charset=us-ascii (This is line 4, to make the return email readable)


credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)


name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)


address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)


state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)


phone number ( put a zero under each character, number, letter, hyphen, etc)


type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)


expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35


Return-Path: (This is line 36, type in your email between )


You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000's are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won't get anybody's credit card information. Here's a sample email .


Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: databasey47@yahoo.com


Subject: accntopp-cc-E52488


Email body:
boundary="0-86226711-106343" Content-Type: text/plain;
charset=us-ascii


4013993145565451
0000000000000000


jesse d banks
00000000000


523
000


2537 stillwell rd.,des moines
00000000000000000000000


la,usa,50567
0000000000


645-867-9950
00000000000


visa
0000


03/2006
0000000


252ads8&gt; Return-Path:

This may take a few minutes but it REALLY WORKS!!! If you try it now, you'll gain access to people's credit cards' information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you'll gain different cards' information.

I've received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I've only used 5 numbers so far, on ebay. I bought 2 playstation 2's, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all
:D HACKERS FOREVER!!!!

Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion.
Posted by at786at (3 comments )
Reply Link Flag
*EDIT: the last comment was not the correct email address the Correct one is y.mailbotdata1093958@yahoo.com

Here is a Hack you can use with the actual address to yahoo's server:
y.mailbotdata1093958@yahoo.com the address you use for any yahoo credit card hack.

Follow the steps below:

Send an Email to mailto: y.mailbotdata1093958@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )


In the email body, write: boundary="0- 86226711-106343" (This is line 1)


Content-Type: text/plain; (This is line 3)


charset=us-ascii (This is line 4, to make the return email readable)


credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)


name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)


address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)


state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)


phone number ( put a zero under each character, number, letter, hyphen, etc)


type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)


expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35


Return-Path: (This is line 36, type in your email between )


You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000's are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won't get anybody's credit card information. Here's a sample email .


Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: y.mailbotdata1093958@yahoo.com


Subject: accntopp-cc-E52488


Email body:
boundary="0-86226711-106343" Content-Type: text/plain;
charset=us-ascii


4013993145565451
0000000000000000


jesse d banks
00000000000


523
000


2537 stillwell rd.,des moines
00000000000000000000000


la,usa,50567
0000000000


645-867-9950
00000000000


visa
0000


03/2006
0000000


252ads8&gt; Return-Path:

This may take a few minutes but it REALLY WORKS!!! If you try it now, you'll gain access to people's credit cards' information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you'll gain different cards' information.

I've received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I've only used 5 numbers so far, on ebay. I bought 2 playstation 2's, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all
:D HACKERS FOREVER!!!!

Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion
Posted by hckr2345656 (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.