Hack Attack Targets Verizon, AT&T Wireless

posted onJuly 31, 2001
by hitbsecnews

Verizon Wireless and AT&T Wireless Group are investigating a security breach that may have allowed outsiders to see confidential information of at least hundreds of their customers. Officials from both companies confirm that they are looking into an apparent security breach that permitted information of a number of users to be circulated publicly in Internet chat rooms. The situation has prompted investigations by at least two police units in California and Oklahoma.

Investigators in Kiowa County, Oklahoma, are checking into complaints from customers who discovered that their private information had been posted publicly in a chat room and who noticed strange charges on their credit cards, according to Deputy Terry Tyler at the Kiowa Country Sheriff's Department.

Tyler has contacted credit card companies about the matter, but could not provide other details at this time. A similar investigation is under way in Rancho Cucamonga, California.

Chat room log files and online interviews with the victims indicate that many of the victims signed up for wireless service from either Verizon or AT&T between December and April of this year, with most of the users living in Indiana and Illinois, according to a report from MSNBC.com.

Victims interviewed by MSNBC said they had ordered wireless services over the Internet from Verizon and AT&T. During the ordering process, victims were asked to provide credit card information, security experts say. The security breach therefore may have occurred between transmissions among the wireless service providers and credit card service providers, security experts say.

Details Exposed

The information being distributed likely includes credit card numbers, Social Security numbers, and driver's license numbers, according to Jim Magdych, security research manager for PGP Security, a division of Network Associates. Other personal data typically used in online applications for a variety of services may also have been exposed, he said.

The MSNBC report states that log files revealed by chat room sources showed that private information was being posted at a rate of two new records per minute. At that rate, the security breach may have affected at least hundreds of victims, Magdych says.

"It looks like some information may have been taken possibly from these wireless providers and also possibly from a third party that might be doing credit checks for the wireless providers," Magdych says.

The personal data was likely either leaked as a result of unencrypted files used by the wireless providers, by third parties they work with, or by a malicious worker inside of one of the wireless or third-party companies, Magdych says. In any case, private information was posted in an IRC (Internet Relay Chat) chat room.

"We take the security of our customers very seriously and are investigating the situation," says a Verizon spokesperson.

AT&T offers a similar message.

"We are completely committed to protecting the personal and financial information of our customers," says a spokesperson for AT&T Wireless. "We have our security folks investigating this right now."

Long-Term Effects

The distribution of customers' Social Security numbers and driver's license numbers could have much more damaging long-term effects on a user's life than just the typical online crime of credit card fraud, Magdych says.

"If someone has the personal information, and they commit identity theft then that is something to be more concerned about," he says. "There is not a lot of remedial action you can take in that case."

Unlike credit cards that can be easily canceled, Social Security numbers identify an individual throughout his or her life. A criminal armed with that kind of sensitive information can obtain financial information from banks, credit card companies, or loan lenders on the person whose Social Security number has been obtained.

It also is possible to set up bank accounts and obtain credit cards and loans under the person's name. A range of troubling scenarios can result from having a Social Security number fall into the wrong hands, and it can be particularly difficult to undo the damage, which often in such cases extends for a long time.

PCWorld

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs