Protect yourself online
PWang's profile

New Member

 • 

8 Messages

Wednesday, January 25th, 2023 6:31 PM

Closed

My AT&T data is being used by fraudsters

I canceled my AT&T DSL back in 2015. 

Last week, my AT&T data was used by fraudsters in an attempt to open a credit card. I know this because the email address they used was unique to my AT&T service (the email looks like att@<my personal domain>.com). Also last week, I started receiving rewards notifications to that unique email address, where there has been no activity for years.

Clearly there was a data breach, and it is data regarding AT&T customers or former customers. If fraudsters are attempting to open credit cards, then then have all my info including SSN. 

I see no admission of data breach from AT&T in the news.

What is the latest news? And what is being done by AT&T for breaches from data originating from their systems? Why doesn't AT&T hash or encrypt our SSNs?

ACE - Expert

 • 

23.7K Messages

1 year ago

Your email address could have been lifted from any number of sites by any number of means, collated with other data associated with it, and sold on the dark web. Someone bought the "package" and is attempting to use it for fraudulent purposes. 

Change your password, obviously, and keep an eye on your credit cards, etc for anything suspicious.

New Member

 • 

8 Messages

1 year ago

The email address that the fraudsters are using is specific to my previous AT&T service, which was canceled many years ago. That email address was uniquely created by me to track anything related to AT&T. 

The data breach could not have originated from anywhere other than AT&T due to the "unique" email address associated to my former AT&T service.

What is the latest news? And what is being done by AT&T for breaches from data originating from their systems? Why doesn't AT&T hash or encrypt our SSNs?

ACE - Guru

 • 

9.9K Messages

1 year ago

@PWang    Go to www.haveibeenpwned.com and enter your email address.  This is a massive database of billions of email addresses that have been collected from breached websites.  See if it shows anything for your address.

New Member

 • 

8 Messages

1 year ago

@tonydi The address specific to my AT&T service (which fraudsters are now using to open credit cards) does not yield any matches on that website.

Again, I had a specific email address that was created by me to track activity related to my AT&T wireless service. Prior to recent activity starting last week, I had received only bill notifications and termination of services from "AT&T Online Services" during my service dates 2012-2016. The unique AT&T email address has not been used anywhere else by me.

There has clearly been a data breach of AT&T clients, at least with the DSL service.

ACE - Guru

 • 

9.9K Messages

1 year ago

Thanks for reporting back on the pwnd site results.

ACE - Expert

 • 

23.7K Messages

1 year ago

If that is true, then I don't see what AT&T can do about it because your addy is now out there for all to use. I haven't read or seen any reports of a data breach but anything is possible, and if there has been one recently, it probably won't be made public knowledge for awhile yet. There was supposedly one around last April, and T-Mobile just reported one the other day.

ACE - Guru

 • 

9.9K Messages

1 year ago

There was a breach in August 21 that AT&T has still not really announced publicly.  We think this is what started the ongoing password fiasco that AT&T has yet to resolve.

It's not clear that the OP's would have been part of that because he's using his own domain and not one of the AT&T addresses.

New Member

 • 

8 Messages

1 year ago

@OttoPylot AT&T can do a lot actually.

1) They can acknowledge the data breach.

2) Notify all the customers or prior customers so as to protect themselves.

3) Investigate what caused the breach and take action against the vulnerabilities.

4) Outline a plan to increase security on their platforms. (Including deletion of any data associated with terminated accounts, as in my case. Add firewalls. Offer more controls such as encryption on how they store SSN and other personal info).

5) They can also offer to the victims, ID theft protection services and credit monitoring.

Take responsibility in other words. Is there anyone from AT&T that can comment on what is being done?

ACE - Expert

 • 

34.3K Messages

1 year ago

There is the possibility that your own e-mail server was compromised and the e-mail address taken from that.  I assume you've at least considered and evaluated the possibility and found it not-compelling.

ACE - Guru

 • 

9.9K Messages

1 year ago

🤣🤣🤣

Could be and will be are vastly different.  What is being done is zero.  What will be done going forward is still zero.  The only AT&T response here will be from ATTHelp, if they show up at all, to say how important your security is to AT&T and they will pass your suggestions along. 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.