BleepingComputer asked AT&T if it was possible the data came from a third-party service provider or vendor but has not received a response at this time.
That was my thought: AT&T didn’t get breached and leak the customer data of 71 million themselves. They merely sold that data to a third party who got breached and leaked the customer data of 71 million people.
So this was pretty old and customers got notified by AT&T that it was a 3rd party vendor they were selling data to.
coffeeClean@infosec.pub
on 22 Mar 2024 19:59
collapse
Okay, so it’s either:
incompetence (getting breached); or
malice (selling your data)
They might have been better off claiming incompetence. OTOH, we already know AT&T is malicious from project Fairview, so perhaps in the end it’s better for PR to just stay in the malicious lane and not be regarded as both malicious and incompetent.
coffeeClean@infosec.pub
on 22 Mar 2024 20:01
collapse
bleepingcomputer·com ← cloudflare site. Should be prefixed with web.archive.org/web/ or cautioned.
threaded - newest
That was my thought: AT&T didn’t get breached and leak the customer data of 71 million themselves. They merely sold that data to a third party who got breached and leaked the customer data of 71 million people.
So this was pretty old and customers got notified by AT&T that it was a 3rd party vendor they were selling data to.
Okay, so it’s either:
They might have been better off claiming incompetence. OTOH, we already know AT&T is malicious from project Fairview, so perhaps in the end it’s better for PR to just stay in the malicious lane and not be regarded as both malicious and incompetent.
bleepingcomputer·com ← cloudflare site. Should be prefixed with web.archive.org/web/ or cautioned.