• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • AT&T "Looking Into" Security Breach


    Following reports that people trying to preorder iPhone 4s found that they were logged in to someone else's account, AT&T has issued a statement saying that they are "looking into the matter" but haven't been able to find the problem so far. An internal source supposedly told Gizmodo, however, that the security hole happened right after a "fraud update" brought down all the servers at a company that does AT&T order processing.

    AT&T's statement says that they "have been unable to replicate the issue, but the information displayed did not include call-detail records, social security numbers, or credit card information." Anyone else see the inconsistency? Yeah. If you can't replicate the issue, how do you know what was displayed or not displayed? CYA is understandable, but make it believable, please. To be sure, no one has yet come forward claiming that they saw someone else's credit card info, but that could be because they're on their free trip to Hawaii right now.

    Speaking of believability, Gizmodo - which has been (perhaps understandably) pushing a lot of "Apple Sucks (And So Do Their Partners)" stories of late - has an unconfirmed report from "an AT&T insider" of some server issues that could explain the breach. Someone claiming to work at "a 3rd party order processing facility—what AT&T refers to as a 3CC" says that "there was a major outage over the weekend that impacted all ordering systems and programs." The source didn't seem to have enough information to connect the two events, but said that at the same time, "there were multiple systems being upgraded/updated, with some updates being related to fraud."

    AT&T's servers are being blamed for the delays and disconnections in the iPhone preorder process yesterday, with Apple's servers able to deal with the increased load: apparently only during the eligibility checking process did things bog down. I mean, it felt wicked low-tech filling out a piece of paper (that said "Reserve Your's TODAY!") and giving it to a lady who asked me if I was "illegible" for upgrade pricing, but at least the order went through.

    Um, I hope.
    This article was originally published in forum thread: AT&T "Looking Into" Security Breach started by Paul Daniel Ash View original post
    Comments 11 Comments
    1. mmurphmsu's Avatar
      mmurphmsu -
      You would have thought they would have prepared a little better since the hype for the phone was already high.
    1. giancarlo's Avatar
      giancarlo -
      they tried to get me with that old-school credit card receipt crap but I stayed there until the system accepted credit cards again and got my two receipts PAID IN FULL. SOB's better get me my phone by the 24th!
    1. SirDude's Avatar
      SirDude -
      cant agree more - the paper make one feel so good about getting through in time.
      Ill be at the att store relatively early hoping to get one in time - as crazy as that is anyways.
    1. jreb13's Avatar
      jreb13 -
      At one point yesterday when I was trying to both order on AT&T's website and on Apple's simultaneously (hoping one of them would work), I was logged out of my AT&T account and the screen did show someone else's username pre-populated, but I wasn't logged in as them it was still prompting for a password. I sort of disregarded it at the time, but now things are making sense.
    1. Gyngabread Man's Avatar
      Gyngabread Man -
      happened to me i was logged into a holographics IRU account i was like hmmm
    1. iLaw-One's Avatar
      iLaw-One -
      Surely one would expect that with all the money these chaps make (AT&T), that they'd have a properly structured system and security in place...or is that just wishful thinking on my part??
    1. cmwade77's Avatar
      cmwade77 -
      AT&T's fraud department called us yesterday, they caught someone ordering equipment on our account, which we did not order. They also said to call them if the charges appear on our bill. This is on a business account, but at least they caught the error and stopped the equipment from being shipped out.
    1. jreb13's Avatar
      jreb13 -
      If it was Iphone 4's you should have just had them change the shipping address. You could have made a mint!!! Then again they probably would have canceled the order anyway
    1. Riviera's Avatar
      Riviera -
      Someone is going to get written up or laid off.
      I also smell lawsuit.
    1. aperry's Avatar
      aperry -
      Quote Originally Posted by pauldanielash View Post
      If you can't replicate the issue, how do you know what was displayed or not displayed? CYA is understandable, but make it believable, please. To be sure, no one has yet come forward claiming that they saw someone else's credit card info, but that could be because they're on their free trip to Hawaii right now.
      Well in AT&T's defense, anyone familiar with how enterprise commerce systems store and display sensitive data can understand why AT&T is confident that certain data was not displayed to anyone.
    1. whereswaldo's Avatar
      whereswaldo -
      maybe they need alarm force on their website