AT&T Confirms Leak Of 73 Million Customers Data On Dark Web

[Ingomike]

Massive Data Breach: AT&T Confirms Personal Information Including Social Security Numbers of 73 Million Current and Former Customers Leaked on Dark Web | The Gateway Pundit | by Jim Hᴏft

AT&T has confirmed that a data set containing AT&T-specific information was leaked on the dark web around two weeks ago.

www.thegatewaypundit.com

 

[firecadet613]

Massive Data Breach: AT&T Confirms Personal Information Including Social Security Numbers of 73 Million Current and Former Customers Leaked on Dark Web | The Gateway Pundit | by Jim Hᴏft

AT&T has confirmed that a data set containing AT&T-specific information was leaked on the dark web around two weeks ago.

www.thegatewaypundit.com

Just another leak. I was part of the OMB hack years ago...seems like I have credit monitoring forever.

I just keep my file frozen and no issues, thankfully, until I forget to unfreeze it!

 

[WebSnyper]

AT&T needs to be hammered for this, even if it was a vendor. Vendor works on behalf of them.

And any penalty $ should be provided back to the people impacted, not just handed to the govt, and not just some BS credit monitoring.

I'm tired of companies not taking the hit they should on this stuff, with only a few exceptions.

I got a notice of this and in it AT&T says no financial data but then a sentence later indicates SSN's are likely part of this...

 

[patience0830]

Just one more reason to hate AT&T. As if the ones I have weren't quite sufficient.

 

[marvin02]

Anyone with AT&T get the account login page to load? I've been trying to log in and the sign in page won't load. Their servers are probably getting hammered.

 

[indyblue]

Anyone with AT&T get the account login page to load? I've been trying to log in and the sign in page won't load. Their servers are probably getting hammered.

I logged right in just now.

They are strangely silent so far, I have received no emails regarding this breach nor are there any alerts on my account page after logging in.

 

[nucular]

I don't understand why at&t even needs to store someone's SSN.

 

[SheepDog4Life]

These days it's best to assume that your identity information is compromised... I received notice from a former employer 15+ years ago that employee HR data had been breeched, received the credit monitoring, etc.

Since then, I've kept a permanent FREEZE on all three credit bureaus making it impossible for anyone, including me, to obtain credit. On the rare event that I am seeking credit, I logon and unfreeze the accounts temporarily, and once approved, re-FREEZE them.

Be sure to use FREEZE, by law the CBs are required to offer it free of charge. The also offer LOCK for a monthly fee, but I can ascertain no additional benefit for the fee service... other than profits for them.

 

[blain]

I don't understand why at&t even needs to store someone's SSN.

Let's face it, our SS numbers are out there in the wild. If not from AT&T, it would be from some other business or agency. Since our data is so compromised and identity theft so rampant, there's only one way to combat it...
A mark in our right hand or forehead.

 

[Ingomike]

Let's face it, our SS numbers are out there in the wild. If not from AT&T, it would be from some other business or agency. Since our data is so compromised and identity theft so rampant, there's only one way to combat it...
A mark in our right hand or forehead.

The credit agencies themselves have been hacked. It is out there…

 

[KLB]

AT&T needs ti be hammered for this, even if it was a vendor. Vendor works on behalf of them.

And any penalty $ should be provided back to the people impacted, not just handed to the govt, and not just some BS credit monitoring.

I'm tired of companies not taking the hit they should on this stuff, with only a few exceptions.

I got a notice of this and in it AT&T says no financial data but then a sentence later indicates SSN's are likely part of this...

What hit should they take? If that data can be directly linked to a financial loss by someone, sure they should be held responsible.

If you save information on a website, assume it will be stolen. Period. Not because the site is neglectful, but rather because it is basically impossible to truly protect data from bad actors.

 

[KLB]

These days it's best to assume that your identity information is compromised... I received notice from a former employer 15+ years ago that employee HR data had been breeched, received the credit monitoring, etc.

Since then, I've kept a permanent FREEZE on all three credit bureaus making it impossible for anyone, including me, to obtain credit. On the rare event that I am seeking credit, I logon and unfreeze the accounts temporarily, and once approved, re-FREEZE them.

Be sure to use FREEZE, by law the CBs are required to offer it free of charge. The also offer LOCK for a monthly fee, but I can ascertain no additional benefit for the fee service... other than profits for them.

This is one of the best things you can do to protect yourself. It makes it all but impossible for someone to use your identity to open bogus credit accounts.

 

[WebSnyper]

What hit should they take? If that data can be directly linked to a financial loss by someone, sure they should be held responsible.

If you save information on a website, assume it will be stolen. Period. Not because the site is neglectful, but rather because it is basically impossible to truly protect data from bad actors.

I understand this. However, many orgs do not take the proper handling of this data (should be encrypted, encryption keys not stored with data, etc) into account. They also should not put it off on their "vendors" as the vendor should be working under agreement with them, which should have penalties and requirements built in.

I have a good awareness of cyber threats, and because of that see companies that do not handle this data in the ways they should. More often than not, true intrusions are due to poor security measures, unpatched systems or lack of proper handling of admin accounts. There are other cases where nation states, etc are involved, but still often the low hanging fruit and lateral movement is what causes much of these breaches.

Beyond that of course and what these companies do, having an unchanging number that is the key to everyone's financial data is of course an outdated aspect of the govt.

 

[KLB]

Here are some general things to consider for online security.

Do you use different passwords for different logins? Every login you have should have a different password. Those passwords should be a minimum of 14 characters, the longer the better.


Get a password vault. Don't trust your browser to save your passwords. If you use good passwords, you'll most likely never be able to remember them.

 

[KLB]

I understand this. However, many orgs do not take the proper handling of this data (should be encrypted, encryption keys not stored with data, etc) into account. They also should not put it off on their "vendors" as the vendor should be working under agreement with them, which should have penalties and requirements built in.

I have a good awareness of cyber threats, and because of that see companies that do not handle this data in the ways they should. More often than not, true intrusions are due to poor security measures, unpatched systems or lack of proper handling of admin accounts. There are other cases where nation states, etc are involved, but still often the low hanging fruit and lateral movement is what causes much of these breaches.

Beyond that of course and what these companies do, having an unchanging number that is the key to everyone's financial data is of course an outdated aspect of the govt.

I can't find where they've said where the data came from. Just that they don't know of any breaches. For a pure exfiltration, they could well never find out how it was extracted.

From what I have seen, the data was encrypted. I saw mention that passcodes and SSNs were decrypted between the data being released previously and being released recently.

 

[dieselrealtor]

This is one of the reasons I absolutely refuse to give my SS unless there is absolutely no other option. Corporate TIN has worked in most cases, some charged a deposit with no SS.

Vectren charged me $500+ deposit on a foreclosure property that closed well over a decade ago, they finally decided to refund it this past year.

 

[Ingomike]

Get a password vault.

Do we have a graphic that shows how long it takes to hack a password vault?

 

[WebSnyper]

Here are some general things to consider for online security.

Do you use different passwords for different logins? Every login you have should have a different password. Those passwords should be a minimum of 14 characters, the longer the better.
View attachment 343922

Get a password vault. Don't trust your browser to save your passwords. If you use good passwords, you'll most likely never be able to remember them.

And MFA.

 

[MrSmitty]

I'm glad I'm not on the dark web then..

 

[blain]

Here are some general things to consider for online security.

Do you use different passwords for different logins? Every login you have should have a different password. Those passwords should be a minimum of 14 characters, the longer the better.
View attachment 343922

Get a password vault. Don't trust your browser to save your passwords. If you use good passwords, you'll most likely never be able to remember them.

I'm won't be worried about password security in 226 years.