AT&T has dealt with leaked customer information before. Back in 2010, 114,000 email addresses of AT&T’s Apple iPad 3G customers were leaked.
In that incident, Goatse Security and security researcher Andrew ‘weev’ Auernheimer claimed that they were able to exploit a flaw on the AT&T Website. Auernheimer was arrested by the U.S. Federal Bureau of Investigation in 2010 and found guilty in 2012. Auernheimer’s conviction was overturned on April 11.
“The Auernheimer breach was problematic in that any user accessing the AT&T Website was able to obtain email address information on iPad users,” Bob Stratton, general partner at Mach37, told eWEEK. “[The latest] event seems more significant in that authorized insiders with access to the provisioning system are said to have been misusing access.”
Bishop Fox’s DeMesy noted that while the Auernheimer breach only affected email addresses, the latest compromise at AT&T disclosed phone records and SSNs.
Read the full story at eWEEK:
AT&T Insider Data Breach More Dangerous Than External Hacking
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.