As if 114,000 compromised email addresses and a complete iPhone 4 launch failure weren’t enough, AT&T is now facing another security breach, this time of a more important level.
Apparently, some AT&T customers logging into AT&T’s website get access to other people’s account.
According to Gizmodo:
This is how it happens: A customer tries to log into their AT&T account to order a new iPhone 4 upgrade. Despite entering their username and password, the AT&T system would take them to another user account. This gives access to all kinds of private information about the mistaken customer: Addresses, phone calls, and bills, along with the rest of private information, becomes exposed to random strangers.
An AT&T insider explains what really happened:
Over the weekend there was a major fraud update that went down on all of AT&T’s systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.
The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.
I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it’s just heresay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.
That’s heavy. That’s really heavy!
What says you?
[Image from Giz]