June 16th, 2010 17:39 EST
AT&T Security Breach Exposes Countless Users Accounts
Today was the first day that Apple`s new iPhone 4.0 was available for pre-ordering, which will officially go on sale June 24th. As AT&T users were logging onto the AT&T website with their login credentials and proceeding to pre-order the new iPhone 4, AT&T`s website was pulling up other users personal accounts.
When you access an account online, it shows your phone numbers, addresses, detailed call logs, texting information, as well as bill payment information. It is hard to tell how many accounts were exposed considering that AT&T sold out of iPhones for pre-orders today. After AT&T realized what was happening, the servers went down.
If you went to an AT&T store to place your pre-order, the customer service representatives were taking orders by hand, and using the old swipe credit card machines that leaves an imprint of the card on the order form.
AT&T has released this statement concerning the issue:
"We have received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process. We have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information.
In the meantime, we are looking into this matter."
But something else interesting, an AT&T insider provided this information to Gizmodo.com:
"I work at a 3rd party order processing facility-what AT&T refers to as a 3CC. We process business-to-business, business-to-customer Wireline Indirect, and ACME/PAC (what AT&T calls their iPhone program internally). Agents use AT&T programs called Phoenix, Telegence, Compass, Ordertrack and myCSP to process orders.
Over the weekend there was a major fraud update that went down on all of AT&T`s systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.
The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.
I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it`s just heresay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.
At this point, I can say that the system that AT&T uses to send automated orders to be processed is as of this very moment down completely. Our facility is unable to process any orders by phone or by automation.
[Regarding the identity problem] Whenever we see people who are logging in and seeing other customer`s account info, it is an issue with the databases that contain customer information. Orders that contain any information like this can cross customer information, and cause a customer to be able to see other accounts by logging out and logging back in. This means that when they log in a few times, it gives them different customer account info every time. It`s a rare occurrence, but it has happened in the past.
You might want to advise people to not get the upgrade at this point as it may be a doorway to a major privacy breach."
Just last week a hacking group was able to access thousands of iPad owner`s personal information through a flaw in AT&Ts website. Will this be the final straw for Apple to start considering using other cell phone carriers and not be exclusive to AT&T?
Tim Martin is a Technology Specialist, Follow him on Facebook at facebook.com/tsmartin75 or on Twitter @tsmartin. For more of Tim`s news articles and tech radio show, visit tech-rewind.com Do you have a story that needs told? Let Tim know!