Earlier this week, CNET News.com reported that someone hacked into a database and stole information for about 19,000 customers of AT&T's DSL service. Now, San Francisco Chronicle reporter David Lazarus reports there's more to the story. In a Chronicle story today, Lazarus details how the initial breach led to a subsequent follow-up phishing attempt targeting the same group of 19,000. The hacking victims, whose social security numbers and other personal information were not part of the initital database breach, were sent phishing e-mails ostensibly from the AT&T DSL store with details regarding recent purchases. The customers were told there was a problem processing their orders and were asked (via a phishing site) to submit more information. The phishing attack part of the story was not made public by AT&T, although the company did send out a warning to potential victims earlier this week. The database attack occured at a third-party site that partnered with AT&T to sell its DSL equipment.
AT&T hack leads to phishing attack
AT&T hack leads to phishing attack
Robert Vamosi
Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.