AT&T.com Is Vulnerable, User Information Can Be Revealed

AT&T.com Is Vulnerable, User Information Can Be Revealed 

A serious security vulnerability has been found on AT&T.com -a leader in telecommunication services, including cell phones, wireless, U-verse, digital TV, high speed internet, DSL, home phone & so on. That vulnerability is allowing anyone to look up the phone numbers of AT&T subscribers, provided they have the subscriber’s email address. The issue involves a form on AT&T’s site where a subscriber can input their email address in order to recover their forgotten AT&T User ID. Except instead of simply emailing the User ID to the email address provided, the following page reveals the wireless phone number associated with that account. A security consulting company named Errata Security reported about this vulnerability. Later the vulnerability has been patched. The problem was first unveiled late Friday night in a posting on Reddit. According to the comments there, some Reddit users have already created working scripts that return a list emails followed by the associated wireless phone number. But the vulnerability seems to be hit or miss, in terms of whether or not it reveals the complete number or any number at all. It doesn’t appear to work for Business Accounts, one commenter noted, but in another case, it worked for someone who wasn’t even an AT&T subscriber anymore.
To see if the hack works for you, visit https://www.att.com/olam/enterEmailForgotId.myworld, enter in an email address, click next, and see if a phone number is returned.


For what it’s worth, it didn’t work for me (an AT&T subscriber), but that may be because it doesn’t seem to work for those who have already established AT&T User ID’s, as I have. At the very least, that should protect some of the potentially affected AT&T subscriber base from having their personal information revealed.

According to AT&T spokesperson:- “We are dedicated to protecting our customer’s personal information. While the function was intended to help improve customer experience, we have removed it from our site to prevent misuse.”


-Source (Tech Crunch & Errata Security)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: , ,
Related Posts Plugin for WordPress, Blogger...