backtop


Print 34 comment(s) - last by smij.. on Jun 16 at 3:57 PM


  (Source: Know Your Meme)
One tech at an AT&T contractor suggests that you shouldn't preorder the iPhone 4

Security is a lot like combating illness -- sometimes you have a relatively minor issue that affects many people, other times you have a major issue that only affects a few.  AT&T's iPad email leak and its ramifications were bad enough, but AT&T's latest breach appears to be even worse.

This morning the iPhone 4 preorder process was having some serious denial of service issues thanks to a deluge of customers looking to order the hot new phone from Apple.  But AT&T's servers didn't just deny service to some -- they also apparently started doing some naughty things as well.  

Several customers have written reporting that they logged in to their AT&T accounts, only to enter another user's account.  Full information, including bills, phone numbers, possible credit card information, addresses, and more greeted them according to growing reports over at Gizmodo.

This nightmarish scenario, appears only to be affecting a few of AT&T's subscribers, but for those impacted it could lead to some very serious problems, should the info fall into the hands of someone who might be tempted to abuse it.

One user, John King, describes:
I LOGGED IN AS ME AND IT BROUGHT UP A MARY ???? BIG PROBLEM
-JPK
A tech at one of AT&T's contractors reveals an untested security update rolled out to servers over the weekend may be to blame.  They write:
I work at a 3rd party order processing facility—what AT&T refers to as a 3CC. We process business-to-business, business-to-customer Wireline Indirect, and ACME/PAC (what AT&T calls their iPhone program internally). Agents use AT&T programs called Phoenix, Telegence, Compass, Ordertrack and myCSP to process orders.

Over the weekend there was a major fraud update that went down on all of AT&T's systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.

The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.

I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it's just heresay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.

At this point, I can say that the system that AT&T uses to send automated orders to be processed is as of this very moment down completely. Our facility is unable to process any orders by phone or by automation.

[Regarding the identity problem] Whenever we see people who are logging in and seeing other customer's account info, it is an issue with the databases that contain customer information. Orders that contain any information like this can cross customer information, and cause a customer be able to see other accounts by logging out and logging back in. This means that when they log in a few times, it gives them different customer account info every time. It's a rare occurrence, but it has happened in the past.

You might want to advise people to not get the upgrade at this point as it may be a doorway to a major privacy breach.

So apparently the advice from at least one source close to AT&T is pretty drastic -- don't order the iPhone 4, if you don't want your credit cards and other info exposed.  One can only shake there head in amazement at how AT&T let this happen after their iPad bungle last week.

Update 1: Tues. June 15, 2010 8:45 p.m. 
We just received the following official statement from AT&T explaining their knowledge of the situation and what definitely has not been leaked.  The statement is as follows:
We have received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process.  We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.    In the meantime, we are looking into this matter.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

All of AT&T Breached?
By tjvanpat on 6/15/2010 6:55:25 PM , Rating: 2
I'm missing the part of this story that states only those performing iPhone 4 preorders were affected. This sounds to me like anyone with an account at AT&T had the potential to have their account breached. It seems more like coincidence that this was seen more often today (rather than Monday), because of the large number of people attempting to preorder iPhones.

To be entirely honest, while I prefer that my data is never exposed, I would rather some 'average Joe' comes across it (and likely backs out to reattempt the login), than someone that is maliciously looking for data. Whether or not my account got breached today seems to be entirely based on luck, with an even slimmer chance that anything happened if it did. This is not a case of a group of hackers obtaining millions of credit card numbers to be sold...yet.

However, don't get me wrong. I'm still not happy about this at all.




RE: All of AT&T Breached?
By thrust2night on 6/15/2010 8:53:36 PM , Rating: 3
Don't worry. Tomorrow morning AT&T will release a statement blaming Goatse Security. :D


RE: All of AT&T Breached?
By spread on 6/15/2010 9:02:39 PM , Rating: 3
Looks like AT&T has lots of gaping backdoors.


RE: All of AT&T Breached?
By muhahaaha on 6/15/2010 9:08:31 PM , Rating: 2
That statement made me shiver. I don't want anything to intrude into my "back door"


RE: All of AT&T Breached?
By Spivonious on 6/16/2010 9:47:00 AM , Rating: 2
Does anyone else find it funny that Goatse specializes in finding gaping backdoors?


RE: All of AT&T Breached?
By tastyratz on 6/16/2010 10:38:17 AM , Rating: 2
I also find strange amusement in his recent arrest including blow. I guess the blow plugs that gaping hole for at&t


RE: All of AT&T Breached?
By jhb116 on 6/15/2010 9:05:28 PM , Rating: 3
And the funny thing is that Apple (which I'm not a big fan of) ends up suffering. Is that Irony??

BTW - I hope everyone remember this is 5-10 years when Google or Microsoft (or possibly HP or RIM) rule the cell phone OS market and Verizon owns the cell market. One incident doesn't spell the end but AT&T is looking like an asylum run by the inmates....


RE: All of AT&T Breached?
By rs1 on 6/16/2010 1:43:02 AM , Rating: 5
I don't understand how any company as large as AT&T can roll out any sort of server update and do "absolutely no testing" on it. Their servers are their lifeblood, you don't just drop in a new patch without first thoroughly testing it in QA. They should fire whoever they have managing their deployment process.

Also, I love their official comments on the problem:

quote:

We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.


So if you can't replicate it, how do you know that it did not include those details? You are relying on third-party accounts of the issue, and have no idea what is really happening. Ruling out possibilities is premature at this stage.


RE: All of AT&T Breached?
By lolmuly on 6/16/2010 7:39:08 AM , Rating: 2
aside from all of this AT&T's service still sucks balls.

I don't have a 3g phone (yet), but they still manage to drop 50% of my calls, and it sometimes takes hours for me to receive a text message. My girlfriend gets mad at me when she calls, because most of the time it doesn't go through to my phone, it just goes to voice mail and I don't even receive a missed call notice to tell me who it was from.

The worst part is I live in the middle of phoenix, the average building here is 2 stories tall, I can't imagine what it's like in new york.

I wouldn't even consider buying a 3g at&t phone, based on what my friends have told me the service is even worse.


RE: All of AT&T Breached?
By MrBlastman on 6/16/2010 9:23:18 AM , Rating: 2
Not only that...

quote:
Several customers have written reporting that they logged in to their AT&T accounts, only to enter another user's account.


These people that reported the problem will be illegally searched by the FBI and police and threatened to be thrown in jail for tainting the great AT&T's reputation.

With AT&T and Apple, there is only strict compliance--or you are executed, at which time your Liver is harvested for Steve.


RE: All of AT&T Breached?
By thrust2night on 6/16/2010 9:47:56 AM , Rating: 2
That's what they get for reporting gaping holes. And we all thought Jobs liked to keep it PG-13. :)


RE: All of AT&T Breached?
By HrilL on 6/16/2010 12:34:10 PM , Rating: 2
Seems like its time for a class action against At&t since money is their only motivator.


All this exposing...
By CrazyBernie on 6/16/2010 3:43:48 AM , Rating: 2
Gaping holes, private parts... where does it all end? Is AT&T/Apple at least handing out cigarettes?




RE: All this exposing...
By R3T4rd on 6/16/2010 4:24:07 AM , Rating: 2
Last time I remmeber....with help from a guy named Al Kolic, a gaping hole, and then cigarettes, I created my successor.


I'm done with AT&T
By RjBass on 6/15/2010 11:23:00 PM , Rating: 3
I have been a loyal AT&T customer for the past 6 years, but now I can honestly say I'm done. News like this, coupled with the fact that AT&T still has yet to release a single GOOD Android based phone just tells me that they are no longer worth all the hassle.

I'm switching to another carrier first thing tomorrow.




hack the planet
By RivuxGamma on 6/15/2010 6:15:10 PM , Rating: 2
Sweet! I can be a hacker just for the price of a new iPhone.

Maybe I should brush up on my "leet" so I can hang out with my cool new friends...




New AT&T Slogan ---
By chick0n on 6/16/2010 1:11:47 AM , Rating: 2
"AT&T, Your Email/Name/Address/Social Security numbers/Phone numbers/Credit card info, Delivered"

"Nation's worst wireless carrier!"

"The Nation's fastest data breach!"

"The most dropped calls in the nation!"




what else is new!?!
By smij on 6/16/2010 3:57:08 PM , Rating: 2
it seems like every day we hear of more cases of our personal info being "leaked" because of mistakes being made. it just seems like it's not if, but when will your info be made public. Scary!




article aside..
By muhahaaha on 6/15/10, Rating: 0
The thing about Apple fanboys is...
By phatboye on 6/15/10, Rating: -1
RE: The thing about Apple fanboys is...
By SongEmu on 6/15/2010 6:00:06 PM , Rating: 5
I'm pretty sure the entire point of this article *isn't* about whether or not you like Apple. It's "Wow. AT&T screwed up. AGAIN."


RE: The thing about Apple fanboys is...
By Obujuwami on 6/15/2010 6:36:24 PM , Rating: 2
Agree! If AT&T wasn't so fail we wouldn't have wonderful articles like this...or wonderful people to mock when they obviously don't comprehend what the article was about.

For those people, let me summarize: AT&T pulled the #2 no no in the IT world. They deployed without testing and because of this they have yet another security breach in their system. Don't buy the iPhone 4 yet unless you want your info stolen.

There, that saved you embarrassment and was free. Take the money you saved and take a comprehension class at a local college.


RE: The thing about Apple fanboys is...
By fic2 on 6/15/2010 6:48:59 PM , Rating: 2
Is your info really stolen if AT&T is just giving it away?


RE: The thing about Apple fanboys is...
By muhahaaha on 6/15/2010 7:15:55 PM , Rating: 4
if an AT&T cell tower fell in the forest and no one was there to hear it, did it really make a noise?

they don't have any in the forest so we'll never know :P


RE: The thing about Apple fanboys is...
By crleap on 6/15/2010 6:30:47 PM , Rating: 2
know how fanboys will cling to any shred of information, no matter how irrelevant or maybe even blatantly false it may be? know how they never pass up an opportunity to spew forth propaganda supporting their views of the holy grail of whatever-piece-of-equipment it is that they are hopelessly in love with? know how they end up looking like blithering idiots when they jump the gun and disregard clear facts and stand at a mountaintop proclaiming their case as though it were inscribed in stone tablets, evidence to the contrary be damned?

Well, there could be the same label applied to someone who never passes up an opportunity to bash a company, no matter how irrelevant or fabricated their flawed logic may be. That's your label, anti-apple fanboy. Welcome to the crowd of blithering idiots... your views and presentation are just as emotional and flawed as fanboys who swear the new mac mini is a great value....

Apple didn't do this, AT&T did. Please, read at least more than the headline before you post. It's not like Mick's articles are hard to digest.


RE: The thing about Apple fanboys is...
By phatboye on 6/15/2010 6:50:02 PM , Rating: 1
I never once said it was apple's fault. Did you even read my post? In fact at the end I said it wasn't. So I don't understand what your post is about and why I got voted down.

Even though this incident was not Apple's fault (like I already stated) the fact remains that Apple is in an exclusive contract with AT&T. Add on to that the fact that this incident was exclusive to Apple's iPhone, as this does not affect any of the other phones AT&T carries, and you have a situation that does not bode well for either Apple or AT&T.


By amanojaku on 6/15/2010 8:12:53 PM , Rating: 2
You got voted down for ripping into Apple fanboys when none of them posted anything. And you got voted down for implying that Apple would be wrong for saying "it's not our fault" when, by your own admission, it clearly is NOT Apple's fault.

Now your second post is insisting that Apple should share the blame because of the exclusivity contract. This is all on AT&T. Apple does NOT get involved in AT&T's order processing systems, which have been in place for many years prior to the contract. This is just piss-poor internal IT.


RE: The thing about Apple fanboys is...
By roadhog1974 on 6/15/2010 6:54:31 PM , Rating: 1
that is all.


By roadhog1974 on 6/15/2010 7:16:58 PM , Rating: 2
user fail.

preview reverts the header.
Stupid software(fail assist).


RE: The thing about Apple fanboys is...
By xpax on 6/15/2010 8:24:53 PM , Rating: 2
Technically, it is their fault. If they hadn't released a new phone, this wouldn't have happened.


RE: The thing about Apple fanboys is...
By R3T4rd on 6/16/2010 4:32:34 AM , Rating: 2
Um.....I hate "the chicken or the egg" questions/comments. It just gets more confusing. Just say one or the other. Or you could just blame his holiness Jobs.


By Kim Leo on 6/16/2010 7:06:50 AM , Rating: 2
quote:
by R3T4rd on June 16, 2010 at 4:32 AM Um.....I hate "the chicken or the egg" questions/comments. It just gets more confusing. Just say one or the other. Or you could just blame his holiness Jobs


Yeah it doesn't really have anything to do with this. But The chicken or the egg question actually have a very simple answer, and it's the egg, it was produced by the chickens earliest ancestor(Evolution).

But really this is completely AT&T and their horrible security.


By Kim Leo on 6/16/2010 7:01:05 AM , Rating: 2
quote:
by xpax on June 15, 2010 at 8:24 PM Technically, it is their fault. If they hadn't released a new phone, this wouldn't have happened.


That's pretty silly to say that, look I loath Apple, I find their Business practice wrong and I will never ever buy anything Apple, all that being said, this is not Apples fault in any way, not technically or some other way, this is AT&T and Security issues, and who are you to claim that if the new Iphone wasn't released that this wouldn't have been some other release?

I'm surprised how bad AT&T is, I talked to someone from America telling me about the problems he have had with AT&T, and it amazes me, like 3G signal, I live in Norway, I can litterally go to the mountains here in Norway and still maintain a full 3G signal, where he explained that sometimes the fact that his phone was in his pocket was enough to keep out signal, and these two security breaches? It looks to me like AT&T is a highly unprofessional company, the only thing I would question Apple on with regard to this is why the hell they chose AT&T?

But yeah I love that I live in Norway and that I have a HTC Desire :D


"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki