"Hackers" Steal AT&T Data
Results 1 to 7 of 7

Thread: "Hackers" Steal AT&T Data

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    21

    "Hackers" Steal AT&T Data

    Hackers broke into one of AT&T Inc.'s computer networks and stole credit card data and other personal information from several thousand customers who shopped at the telecommunication giant's online store.
    http://www.boston.com/business/artic...stomers_cards/

    I haven't seen anything on what exploit they used to get in. I'm going to take a wild guess and say AT&T isn't likely to reveal that piece of information...
    Information wants to be a fireman when it grows up.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    *heh* I just posted this same thing... I checked to make sure no one else had posted it, and by the time I was done typing it up... someone beat me to it [I deleted my post] ... they say that they are offering free credit monitoring... this seems to happen alot... I think there should be some sort of penalty for companies that have large scale information leaks like this...
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    111
    Ha. I just saw this on SLashdot and was going to post it too......but I see I missed the race completely.



    I'm willing to guess that the exploit used was the human factor or social engineering... I mean, c'mon, a company like AT&T has gotta be on their "A-Game" when it comes to tech security, and then It's like..."How long would it take for the guys monitoring the systems to notice ~ 19,000 ppl's records being downloaded or whatever?". Yeah I'd say somebody was "people hacking".
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

  4. #4
    Junior Member
    Join Date
    Aug 2006
    Posts
    2
    I would like to hear if they are subjected to any fines from VISA / MasterCard from PCI payment card industry security audit procedures.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    maybe it was the pizza guys again..http://www.theregister.com/2006/08/24/pizza_fraud_scam/

    as for PCI fines... afaik, they only apply if you dopn't report or you're not "compliant"

    From Visa's site
    if a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.

    Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.


    I think the PCI reg's rightly take into consideration that even though you are compliant, compromises can still happen. (knock on wood). As a PCI compliant company, I can still be at risk from a zero day IIS exploit (although i have IPS software which should prevent this). It would be hard to make a case that I have been negligent because an MS programmer forgot to plug a buffer overflow...(and you linux lovers just be quiet about me being negligent just by using MS ;P)
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  6. #6
    Junior Member
    Join Date
    Aug 2006
    Posts
    2
    Thanks for the reply...... And yes you are right that is what Visa site says....... But ............
    I've been in several conversations about a compromised merchant and that is not there intention........ After Wal-Mart was compromised, VISA told Wal-Mart, who is not a member, to become compliant. Wal-Mart being Wal-Mart told Visa to "Stick it".

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    hehe..well yes... but doesn't walmart own the US economy? :O

    of course fining them would only mean they have to reduce what they pay to their chinese factory workers...

    Walmart - always low prices (even if it means destroying one (or two) economy and fecking over another)


    (oops... did i say that?)
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •