from Hacker News

AT&T Addresses Recent Data Set Released on the Dark Web

by emeraldd on 4/1/24, 8:03 PM with 21 comments

  • by xyst on 4/1/24, 8:25 PM

    Given how lax AT&T is with this sad press release. They are fully expected to pay some fine, which they will pay after exhausting years of appeals. At that point, people will have forgotten. Impacted people get a check for $5 (if they are lucky). Business as usual.

    Nobody goes to jail. Some offshore team is replaced with another bottom of the barrel contractor. Maybe a low ranking executive is given a slap on the wrists, internally. AT&T cuts some internal program to make up for loss (1 year moratorium on T&E for that team)

  • by breadwinner on 4/1/24, 8:34 PM

    Apparently they encrypted customer passwords instead of one-way hashing [1].

    "A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher."

    "The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers."

    [1] https://techcrunch.com/2024/03/30/att-reset-account-passcode...

  • by rdtsc on 4/1/24, 8:21 PM

    > AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web; source is still being assessed.

    In the "about us" section

    > We help more than 100 million U.S. families, friends and neighbors, plus nearly 2.5 million businesses, connect to greater possibility.

    I like how they address themselves in the 3rd person. Did something bad? Use the passive voice and address yourself in the 3rd person.

  • by breadwinner on 4/1/24, 8:49 PM

    The only thing more shocking than these regular leaks, is how many banks assume that if you produce SSN and DOB of Person X then you're X! And if you're not X then that's X's problem — His identity got stolen!

  • by arprocter on 4/1/24, 8:39 PM

  • by illusive4080 on 4/1/24, 8:34 PM

    On the bright side, I haven’t ever had to pay for a credit monitoring service, and it looks like I don’t have to start now.

  • by sys_64738 on 4/1/24, 9:36 PM

    Their website is truly pathetic leaving the burden on individuals to need to protect this information. They should bleed red severely for this in punitive damages to those impacted.