One tech at an AT&T contractor suggests that you shouldn't preorder the iPhone 4

Security is a lot like combating illness -- sometimes you have a relatively minor issue that affects many people, other times you have a major issue that only affects a few.  AT&T's iPad email leak and its ramifications were bad enough, but AT&T's latest breach appears to be even worse.

This morning the iPhone 4 preorder process was having some serious denial of service issues thanks to a deluge of customers looking to order the hot new phone from Apple. But AT&T's servers didn't just deny service to some -- they also apparently started doing some naughty things.

Several customers have written reporting that they logged in to their AT&T accounts, only to enter another user's account. Full information, including bills, phone numbers, possible credit card information, addresses, and more greeted them, according to growing reports over at Gizmodo.

This nightmarish scenario appears to be affecting only a few of AT&T's subscribers, but for those impacted it could lead to some very serious problems should the info fall into the hands of someone who might be tempted to abuse it.

One user, John King, describes:
A tech at one of AT&T's contractors reveals an untested security update rolled out to servers over the weekend may be to blame.  They write:
I work at a 3rd party order processing facility—what AT&T refers to as a 3CC. We process business-to-business, business-to-customer Wireline Indirect, and ACME/PAC (what AT&T calls their iPhone program internally). Agents use AT&T programs called Phoenix, Telegence, Compass, Ordertrack and myCSP to process orders.

Over the weekend there was a major fraud update that went down on all of AT&T's systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.

The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.

I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it's just hearsay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.

At this point, I can say that the system that AT&T uses to send automated orders to be processed is as of this very moment down completely. Our facility is unable to process any orders by phone or by automation.

[Regarding the identity problem] Whenever we see people who are logging in and seeing other customers' account info, it is an issue with the databases that contain customer information. Orders that contain any information like this can cross customer information, and cause a customer to be able to see other accounts by logging out and logging back in. This means that when they log in a few times, it gives them different customer account info every time. It's a rare occurrence, but it has happened in the past.

You might want to advise people to not get the upgrade at this point as it may be a doorway to a major privacy breach.

So apparently the advice from at least one source close to AT&T is pretty drastic -- don't order the iPhone 4 if you don't want your credit cards and other info exposed. One can only shake their head in amazement at how AT&T let this happen after their iPad bungle last week.

Update 1: Tues. June 15, 2010 8:45 p.m. 
We just received the following official statement from AT&T explaining their knowledge of the situation and what definitely has not been leaked.  The statement is as follows:
We have received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process.  We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.    In the meantime, we are looking into this matter.


RE: All of AT&T Breached?
By thrust2night on 6/15/2010 8:53:36 PM , Rating: 3
Don't worry. Tomorrow morning AT&T will release a statement blaming Goatse Security. :D

RE: All of AT&T Breached?
By spread on 6/15/2010 9:02:39 PM , Rating: 3
Looks like AT&T has lots of gaping backdoors.

RE: All of AT&T Breached?
By muhahaaha on 6/15/2010 9:08:31 PM , Rating: 2
That statement made me shiver. I don't want anything to intrude into my "back door"

RE: All of AT&T Breached?
By Spivonious on 6/16/2010 9:47:00 AM , Rating: 2
Does anyone else find it funny that Goatse specializes in finding gaping backdoors?

RE: All of AT&T Breached?
By tastyratz on 6/16/2010 10:38:17 AM , Rating: 2
I also find strange amusement in his recent arrest including blow. I guess the blow plugs that gaping hole for at&t

RE: All of AT&T Breached?
By jhb116 on 6/15/2010 9:05:28 PM , Rating: 3
And the funny thing is that Apple (which I'm not a big fan of) ends up suffering. Is that Irony??

BTW - I hope everyone remembers this in 5-10 years when Google or Microsoft (or possibly HP or RIM) rule the cell phone OS market and Verizon owns the cell market. One incident doesn't spell the end but AT&T is looking like an asylum run by the inmates....

RE: All of AT&T Breached?
By rs1 on 6/16/2010 1:43:02 AM , Rating: 5
I don't understand how any company as large as AT&T can roll out any sort of server update and do "absolutely no testing" on it. Their servers are their lifeblood, you don't just drop in a new patch without first thoroughly testing it in QA. They should fire whoever they have managing their deployment process.

Also, I love their official comments on the problem:


We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.

So if you can't replicate it, how do you know that it did not include those details? You are relying on third-party accounts of the issue, and have no idea what is really happening. Ruling out possibilities is premature at this stage.

RE: All of AT&T Breached?
By lolmuly on 6/16/2010 7:39:08 AM , Rating: 2
Aside from all of this, AT&T's service still sucks balls.

I don't have a 3g phone (yet), but they still manage to drop 50% of my calls, and it sometimes takes hours for me to receive a text message. My girlfriend gets mad at me when she calls, because most of the time it doesn't go through to my phone, it just goes to voice mail and I don't even receive a missed call notice to tell me who it was from.

The worst part is I live in the middle of Phoenix, the average building here is 2 stories tall, I can't imagine what it's like in New York.

I wouldn't even consider buying a 3g at&t phone, based on what my friends have told me the service is even worse.

RE: All of AT&T Breached?
By MrBlastman on 6/16/2010 9:23:18 AM , Rating: 2
Not only that...

Several customers have written reporting that they logged in to their AT&T accounts, only to enter another user's account.

These people that reported the problem will be illegally searched by the FBI and police and threatened to be thrown in jail for tainting the great AT&T's reputation.

With AT&T and Apple, there is only strict compliance--or you are executed, at which time your Liver is harvested for Steve.

RE: All of AT&T Breached?
By thrust2night on 6/16/2010 9:47:56 AM , Rating: 2
That's what they get for reporting gaping holes. And we all thought Jobs liked to keep it PG-13. :)

Copyright 2016 DailyTech LLC.