Here we go again. AT&T officially confirms that your personally identifiable information is out there - really out there. In this episode, your host, John Martinez, provides an update on the breach finding, shares the types of information that was leaked, and explains what you should do to protect yourself.
Hey everybody.
Welcome to another episode of John Has Trust Issues where I discuss issues relevant to the worlds of Zero Trust and authorization in a few minutes.
My name is John Martinez and I'm the technical evangelist here at StrongDM.
And my trust issues stem from those Legos that I've stepped on.
Oh my goodness, when my kids were small on the floor in the middle of the night, usually ow they hurt.
Today I am following up on a subject that I covered not too long ago.
This is the AT&T data breach.
Well, it turns out that AT&T has confirmed that 70.7 0.6, sorry, 7.6 million current and 65.4, that's 73 total, 73 million total.
That's 65.4 passed 73 total customers were impacted by this breach.
That's a lot of people. For those that were affected at AT&T reset passcodes, according to the article that you see on the screen, the these customers were, that were impacted, were told by AT&T they were notified that yes, indeed you've been impacted.
And this is the information that's been impacted, according to some of the reports that I've seen is that sensitive PII was indeed leaked.
It turns out as some of the conflicting articles that I talked about last time were discussing, we didn't really know a hundred percent, you know, whether it was sensitive PII or what was really being leaked out there.
But it turns out that AT&T confirmed that full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and your AT&T account number and passcode were indeed leaked.
The data's being sold on the dark web, but it doesn't really matter because according to some security researchers, this data is actually freely available on the open internet and it's just a couple of clicks away.
So, you know, and from my take here is, you know, a a really lazy hacker could with a little bit of social engineering, could definitely take over somebody's AT&T account.
It's pretty easy or worse, you know, if they're really motivated, they can definitely do a lot worse damage with some of that sensitive PII data that's out there.
All right, so what can we do?
What can I as a mere mortal do about this situation?
So let's take a look at a couple of things here.
So number one, change your passwords, change your passcodes, not just on AT&T.
I mean, that's a given for sure, but change 'em, you know…its springtime.
It's time to do a little bit of spring cleaning.
Definitely take care of those old passwords that have been nagging you if you're using a password manager.
Password managers are really good with not just helping you change those passwords to something that's unique but they also help you.
And some of them can also tell you when you've reused those passwords.
So definitely one of those areas where, let's do some spring cleaning here.
And next thing we could do is watch for identity theft.
This one is definitely a little bit harder and trickier.
There's definitely places that you can use services that you can use your banks, for example, your credit cards, for example.
Those are, those are a couple of places.
There's other third party services that you can use that help you protect your identity and watch for identity theft.
Definitely something that I would recommend highly.
And then don't fall victim to scams.
You know, these scams are gonna come now that phone numbers and email addresses have leaked out.
You know, scams are gonna come even worse if you haven't already been a victim to like I have, uh, in the sense that I'm being victimized, with all of these emails and text messages.
They're gonna keep coming.
They're gonna keep coming hard, and that's the aspect of the social engineering that I was talking about a little bit earlier.
And then finally, let's switch away from SMS based MFA.
Yes, it's easy. Yes, it's supported everywhere.
Not every, not everything supports, TOTP or time-based passcodes.
Definitely it's something to go to Modern password managers support, TOTP based, MFA tokens.
And another aspect of it's hardware based tokens.
Definitely something that's a lot harder to crack.
UB Keys is one that I highly recommend.
They're not paying me for that, but it's one that I do recommend, and you definitely, let's switch over to that.
And then finally, for those of us in the IT and security roles out there, you know, again, like I mentioned last time manager, third party vendors and demand that they implement stringent security posture measures, logging, et cetera, so that you have more than just a good feeling about your partner and what they're doing with that sensitive data that you're sharing with them.
Because it's, that's how we do business.
So unfortunately, this is our reality.
But, you know, if we follow some of these steps, if we protect ourselves, if we're aware of these attacks that are happening to us personally and through our partners on the business side, we can definitely, do a lot better and we can definitely get over it.
So that's another episode of John Has Trust Issues, and this episode was brought to you by StrongDM, the modern access management platform that enables Zero Trust authorization for all of your infrastructure.
Thanks for watching. Have a great day.
