What the Tech with Jamey Tucker: AT&T Data Leak
AT&T Data Leak
The recent data leak at AT&T is just the latest incident where the private information of millions
of consumers was compromised and is now in the hands of cybercriminals.
AT&T on Monday confirmed the data leak of over 70,000 current and former AT&T customers.
The data includes Social Security Numbers and other personal information.
Web security consultant Troy Hunt, who also runs the website www.haveibeenpwned, said this
data leak is worse than many others due to the wealth of information included.
“Social security numbers are a big part of identity verification,” Hunt said. “Then we’ve got
names, phone numbers, physical addresses. That’s really all of the building blocks for theft,
unfortunately”.
AT&T confirmed in a release Monday that the data has been released on the dark web but Hunt
says, it’s much more accessible than that.
“We’re seeing headlines that it’s on the dark web. It’s not the dark web. It’s the clear web. It is
somewhere you go on your normal browser. There will be thousands if not tens of thousands of
people who now have all of this data”, Hunt explained.
Armed with all of that information, a cybercriminal would be well on their way to stealing the
victims’ identities. And there’s not much victims can do about it now.
“We cannot go and change our date of birth,” Hunt said. “Changing a social security number is
an absolute nightmare, that’s not going to happen for 70 million people. So we have to work on
the fact that the data is out there and we’re never going to be able to get it back.”
One problem, Hunt says, is that most people don’t take steps to protect their data until they
become a victim. And it’s safe to say everyone online has been in a data leak. We just don’t
know it.
So taking steps now is critical.
Hunt himself said his email address has been included in some 30 data leaks. “I live this stuff
and I can’t stop myself from being in data breaches. The only thing I can do is minimize the
impact when I am.”
What can that be? Hunt says identity theft and fraud protection services that alert people when
there’s a credit inquiry on their name, is a good step toward protecting your privacy. These are
about $100 a year.
“But I’m also conscious that this is not a panacea,” cautions Hunt. “This is not going to
necessarily notify me when someone has my username and password and they’re trying to log
into my email account.”
To protect accounts that use email addresses and passwords to access Hunt, and other
cybersecurity experts strongly recommend using strong and unique passwords for individual
accounts, turning on multi-factor authentication, and a password manager.
