AT&T says leaked data of 70 million people is not from its systems (www.bleepingcomputer.com)
from IllNess@infosec.pub to cybersecurity@infosec.pub on 19 Mar 2024 05:14
https://infosec.pub/post/9922753

#cybersecurity

threaded - newest

ptz@dubvee.org on 19 Mar 2024 10:34 next collapse

BleepingComputer asked AT&T if it was possible the data came from a third-party service provider or vendor but has not received a response at this time.

That was my thought: AT&T didn’t get breached and leak the customer data of 71 million themselves. They merely sold that data to a third party who got breached and leaked the customer data of 71 million people.

swayevenly@lemm.ee on 19 Mar 2024 19:58 collapse

So this was pretty old and customers got notified by AT&T that it was a 3rd party vendor they were selling data to.

coffeeClean@infosec.pub on 22 Mar 2024 19:59 collapse

Okay, so it’s either:

  • incompetence (getting breached); or
  • malice (selling your data)

They might have been better off claiming incompetence. OTOH, we already know AT&T is malicious from project Fairview, so perhaps in the end it’s better for PR to just stay in the malicious lane and not be regarded as both malicious and incompetent.

coffeeClean@infosec.pub on 22 Mar 2024 20:01 collapse

bleepingcomputer·com ← cloudflare site. Should be prefixed with web.archive.org/web/ or cautioned.