Shostack + Friends Blog Archive


AT&T Hack Attempt

First, good on AT&T for telling people that there’s been an attempt to hack their account. (My copy of the letter that was sent is after the break.) I’m curious what we can learn by discussing the attack.

An AT&T spokesperson told Fox News that “Fewer than 1 percent of customers were targeted.”

I’m currently aware of 3 other folks in the security industry who’ve gotten these. Can someone recommend a good embeddable polling software that I might use to see what the prevalence is on the biased audience that reads this blog?


In our ongoing effort to provide you with the best privacy protections possible, AT&T regularly monitors the security of our online services such as MyATT online account management. The purpose of this letter is to advise you that we recently detected an organized and systematic attempt to obtain information on a number of AT&T customer accounts, including yours. We have not yet determined the source or intent of the attempt to gather information, but we are continuing to investigate.

We do not believe that the perpetrators of this attack obtained access to your online account or any of the information contained in that account. Use of your mobile device or other AT&T services has not been affected by this incident.

Customer privacy and data security are top priorities for AT&T. Because there may be an increased risk of fraudulent attempts to access your account information, you should be cautious about efforts to obtain sensitive information through email (“phishing”) or text messages (“smishing”). You can find out more about phishing, smishing, and protecting your online account information below, and at

We appreciate having you as a customer and if you have questions or you need assistance, please contact AT&T Customer Care by dialing 611 on your AT&T wireless device or calling 1.800.331.0500.


AT&T Online Services

Ref Code: F3221

Measures available to you to help ensure that all of your online accounts and your Internet access devices are better protected.

Be aware of the risks to any online account and the steps you can take to reduce your exposure to them. “Phishing,” also known as “brand spoofing” or “carding,” is a trick used to gather financial information and password data using fake emails and websites. Scammers using phishing techniques send consumers email messages that appear to be from well-known companies. These messages usually contain links to web pages that have been disguised to look nearly identical to legitimate companies’ sites and request customers to enter sensitive information including financial and password data. “Smishing” is a technique similar to phishing; it uses cell phone text messages to get customers to divulge personal information. Scammers using smishing techniques may send a text message with a link to a website which requests sensitive information. More commonly, “smishers” will include a phone number in the text message that connects to an automated voice response system to capture sensitive information.

Some of the measures you can take online and on your Internet access device to help protect yourself include:

• Be aware that email and text message headers can be easily forged, so the posing sender may not be the real sender.

• Avoid providing or filling out forms via email because the data is likely to be unsecured.

• Realize that Internet scammers can create realistic forgeries of websites, so avoid clicking on links in an unsolicited email or text message. If appropriate, go directly to the company’s website to investigate the validity of the communication.

Additional recommended measures to protect your Internet access devices include:

• Scan all computers with an up-to-date anti-virus program.

• Use an up-to-date anti-spyware (anti-malware) application, as some malware is not detected by anti-virus scans.

• Ensure your operating system has been updated with all the recommended security updates from the operating system provider.

• Check all your online accounts regularly for unauthorized activity.

• Review trusted online sources for information on protecting your computer and mobile devices.

If you have any questions about how AT&T collects, uses and protects your personal information as a customer, please visit our Privacy Policy.

© 2011 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand.

One comment on "AT&T Hack Attempt"

  • Noe says:

    I immediately tried to go on my online banking after reading this email and have had around $5,000 taken from my accounts. Coincidence? Please help if you can.
