I’m sure many of you are aware of the latest high-profile loss of personal data. AT&T exposed 114,000 e-mail addresses, including those of some high-profile figures such as NYC Mayor Michael Bloomberg.
AT&T decided to pre-populate a form when users entered their SIM card number. The “attackers” generated random numbers that mimicked the SIM card numbers, and when one matched, the authentication page with the e-mail address and associated card number was displayed. So they now had the person’s e-mail address and associated SIM card number.
Imagine an e-mail coming from Apple that says to go to this website to update your account with SIM card number XYZ. You check and it’s the right number, so you have to believe it is legitimate, right? It is another great example of how, with just a little bit of information, you can trick people into providing even more personal data.
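The form flaw described above, as an added sketch that is not AT&T's code or part of the original post: the vulnerable lookup beside a hardened version that returns the address only to a session already signed in to that account and throttles clients that submit unknown numbers. The account data, function names and `MAX_MISSES` threshold are assumptions made for illustration.

```python
# Added illustration; all names and data below are constructed, not AT&T's code.
from collections import defaultdict

# Constructed sample records: SIM card number -> account e-mail.
ACCOUNTS = {
    "0000000000000000017": "alice@example.com",
    "0000000000000000042": "bob@example.com",
}

MAX_MISSES = 5  # hypothetical limit on unknown numbers per client


def prefill_vulnerable(sim_number):
    """Flawed pattern: anyone who submits a valid number gets the e-mail back."""
    email = ACCOUNTS.get(sim_number)
    if email is None:
        return {"status": "not_found"}
    return {"status": "ok", "email": email}


class HardenedPrefill:
    """Treats the SIM number as an identifier, never as a credential."""

    def __init__(self):
        self.misses = defaultdict(int)  # client id -> count of unknown numbers

    def prefill(self, client_id, sim_number, session_email=None):
        # Clients that keep submitting unknown numbers are cut off entirely.
        if self.misses[client_id] >= MAX_MISSES:
            return {"status": "throttled"}
        email = ACCOUNTS.get(sim_number)
        if email is None:
            self.misses[client_id] += 1
        # Only echo the address to a session that already proved ownership of it.
        if email is not None and session_email == email:
            return {"status": "ok", "email": email}
        # Same body for "unknown number" and "known number, not signed in",
        # so the response cannot confirm that a guessed number exists.
        return {"status": "ok", "email": ""}
```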
The “attackers” portion of the story is even more interesting. A “security group” said they exposed the flaw to AT&T and, once the flaw was fixed, they publicly released information about the flaw. AT&T refutes their claim and blames them for jeopardizing their customers’ data. Either way, expect an interesting debate and possible legal action on the matter.
Remember:
- All information is important.
- Don’t click on links in e-mails. Yes, I’m serious.
- Don’t save info on forms using browser-related tools.
