One tech at an AT&T contractor suggests that you shouldn't preorder the iPhone 4

Security is a lot like combating illness -- sometimes you have a relatively minor issue that affects many people, other times you have a major issue that only affects a few.  AT&T's iPad email leak and its ramifications were bad enough, but AT&T's latest breach appears to be even worse.

This morning the iPhone 4 preorder process was having some serious denial of service issues thanks to a deluge of customers looking to order the hot new phone from Apple.  But AT&T's servers didn't just deny service to some -- they also apparently started doing some naughty things as well.  

Several customers have written reporting that they logged in to their AT&T accounts, only to enter another user's account.  Full information, including bills, phone numbers, possible credit card information, addresses, and more greeted them according to growing reports over at Gizmodo.

This nightmarish scenario appears to be affecting only a few of AT&T's subscribers, but for those impacted it could lead to some very serious problems should the info fall into the hands of someone who might be tempted to abuse it.

One user, John King, describes:
A tech at one of AT&T's contractors reveals an untested security update rolled out to servers over the weekend may be to blame.  They write:
I work at a 3rd party order processing facility—what AT&T refers to as a 3CC. We process business-to-business, business-to-customer Wireline Indirect, and ACME/PAC (what AT&T calls their iPhone program internally). Agents use AT&T programs called Phoenix, Telegence, Compass, Ordertrack and myCSP to process orders.

Over the weekend there was a major fraud update that went down on all of AT&T's systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.

The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.

I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it's just hearsay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.

At this point, I can say that the system that AT&T uses to send automated orders to be processed is as of this very moment down completely. Our facility is unable to process any orders by phone or by automation.

[Regarding the identity problem] Whenever we see people who are logging in and seeing other customers' account info, it is an issue with the databases that contain customer information. Orders that contain any information like this can cross customer information, and cause a customer to be able to see other accounts by logging out and logging back in. This means that when they log in a few times, it gives them different customer account info every time. It's a rare occurrence, but it has happened in the past.

You might want to advise people to not get the upgrade at this point as it may be a doorway to a major privacy breach.

So apparently the advice from at least one source close to AT&T is pretty drastic -- don't order the iPhone 4 if you don't want your credit cards and other info exposed.  One can only shake their head in amazement at how AT&T let this happen after their iPad bungle last week.

Update 1: Tues. June 15, 2010 8:45 p.m. 
We just received the following official statement from AT&T explaining their knowledge of the situation and what definitely has not been leaked.  The statement is as follows:
We have received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process.  We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.    In the meantime, we are looking into this matter.


The thing about Apple fanboys is...
By phatboye on 6/15/2010 5:49:17 PM , Rating: -1
After all the recent negative news that has been released about Apple over the past few months the Apple fan boys will continue to stand behind any POS device Apple produces. So I doubt this will change anything, they will just say that this was a freak accident and that this was not Apple's fault (although it really isn't their fault).

RE: The thing about Apple fanboys is...
By SongEmu on 6/15/2010 6:00:06 PM , Rating: 5
I'm pretty sure the entire point of this article *isn't* about whether or not you like Apple. It's "Wow. AT&T screwed up. AGAIN."

RE: The thing about Apple fanboys is...
By Obujuwami on 6/15/2010 6:36:24 PM , Rating: 2
Agree! If AT&T wasn't so fail we wouldn't have wonderful articles like this...or wonderful people to mock when they obviously don't comprehend what the article was about.

For those people, let me summarize: AT&T pulled the #2 no no in the IT world. They deployed without testing and because of this they have yet another security breach in their system. Don't buy the iPhone 4 yet unless you want your info stolen.

There, that saved you embarrassment and was free. Take the money you saved and take a comprehension class at a local college.

RE: The thing about Apple fanboys is...
By fic2 on 6/15/2010 6:48:59 PM , Rating: 2
Is your info really stolen if AT&T is just giving it away?

RE: The thing about Apple fanboys is...
By muhahaaha on 6/15/2010 7:15:55 PM , Rating: 4
if an AT&T cell tower fell in the forest and no one was there to hear it, did it really make a noise?

they don't have any in the forest so we'll never know :P

RE: The thing about Apple fanboys is...
By crleap on 6/15/2010 6:30:47 PM , Rating: 2
know how fanboys will cling to any shred of information, no matter how irrelevant or maybe even blatantly false it may be? know how they never pass up an opportunity to spew forth propaganda supporting their views of the holy grail of whatever-piece-of-equipment it is that they are hopelessly in love with? know how they end up looking like blithering idiots when they jump the gun and disregard clear facts and stand at a mountaintop proclaiming their case as though it were inscribed in stone tablets, evidence to the contrary be damned?

Well, there could be the same label applied to someone who never passes up an opportunity to bash a company, no matter how irrelevant or fabricated their flawed logic may be. That's your label, anti-apple fanboy. Welcome to the crowd of blithering idiots... your views and presentation are just as emotional and flawed as fanboys who swear the new mac mini is a great value....

Apple didn't do this, AT&T did. Please, read at least more than the headline before you post. It's not like Mick's articles are hard to digest.

RE: The thing about Apple fanboys is...
By phatboye on 6/15/2010 6:50:02 PM , Rating: 1
I never once said it was apple's fault. Did you even read my post? In fact at the end I said it wasn't. So I don't understand what your post is about and why I got voted down.

Even though this incident was not Apple's fault (like I already stated) the fact remains that Apple is in an exclusive contract with AT&T. Add on to that the fact that this incident was exclusive to Apple's iPhone, as this does not affect any of the other phones AT&T carries, and you have a situation that does not bode well for either Apple or AT&T.

By amanojaku on 6/15/2010 8:12:53 PM , Rating: 2
You got voted down for ripping into Apple fanboys when none of them posted anything. And you got voted down for implying that Apple would be wrong for saying "it's not our fault" when, by your own admission, it clearly is NOT Apple's fault.

Now your second post is insisting that Apple should share the blame because of the exclusivity contract. This is all on AT&T. Apple does NOT get involved in AT&T's order processing systems, which have been in place for many years prior to the contract. This is just piss-poor internal IT.

RE: The thing about Apple fanboys is...
By roadhog1974 on 6/15/2010 6:54:31 PM , Rating: 1
that is all.

By roadhog1974 on 6/15/2010 7:16:58 PM , Rating: 2
user fail.

preview reverts the header.
Stupid software(fail assist).

RE: The thing about Apple fanboys is...
By xpax on 6/15/2010 8:24:53 PM , Rating: 2
Technically, it is their fault. If they hadn't released a new phone, this wouldn't have happened.

RE: The thing about Apple fanboys is...
By R3T4rd on 6/16/2010 4:32:34 AM , Rating: 2
Um.....I hate "the chicken or the egg" questions/comments. It just gets more confusing. Just say one or the other. Or you could just blame his holiness Jobs.

By Kim Leo on 6/16/2010 7:06:50 AM , Rating: 2
by R3T4rd on June 16, 2010 at 4:32 AM Um.....I hate "the chicken or the egg" questions/comments. It just gets more confusing. Just say one or the other. Or you could just blame his holiness Jobs

Yeah it doesn't really have anything to do with this. But the chicken or the egg question actually has a very simple answer, and it's the egg, it was produced by the chicken's earliest ancestor (Evolution).

But really this is completely AT&T and their horrible security.

By Kim Leo on 6/16/2010 7:01:05 AM , Rating: 2
by xpax on June 15, 2010 at 8:24 PM Technically, it is their fault. If they hadn't released a new phone, this wouldn't have happened.

That's pretty silly to say that, look I loathe Apple, I find their Business practice wrong and I will never ever buy anything Apple, all that being said, this is not Apple's fault in any way, not technically or some other way, this is AT&T and Security issues, and who are you to claim that if the new iPhone wasn't released that this wouldn't have been some other release?

I'm surprised how bad AT&T is, I talked to someone from America telling me about the problems he has had with AT&T, and it amazes me, like 3G signal, I live in Norway, I can literally go to the mountains here in Norway and still maintain a full 3G signal, where he explained that sometimes the fact that his phone was in his pocket was enough to keep out signal, and these two security breaches? It looks to me like AT&T is a highly unprofessional company, the only thing I would question Apple on with regard to this is why the hell they chose AT&T?

But yeah I love that I live in Norway and that I have a HTC Desire :D
