A complaint was filed with the US District Court in Los Angeles by Michael Terpin against AT&T. Apparently their lax security allowed a thief to commit SIM fraud and they gained access to his personal information. This led to $24 million worth of cryptocurrency.
According to Turpin, the hackers were able to update his SIM number to a card that the hackers controlled, giving them ample opportunity to access Turpin’s information and exploit it. Because this has happened two times to one person, it speaks to a pattern of negligent security on the part of AT&T. Personally I would have switched providers after that happened even once. These hackers were able to break through two-factor authentication processes on Turpin’s accounts.
For the first hack, the thief used the stolen SIM to take over Turpin’s Skype account, and the hacker convinced a client to divert a crypto-payment into the hacker’s account. The second security breach happened when the thief visited an AT&T store in Connecticut and updated the SIM yet again, without providing the scannable ID AND passcode that Turpin added to his account after the first hack.
In an official statement, AT&T said, “We dispute these allegations and look forward to presenting our case in court.” They must have something good up their sleeves, because these accusations are pretty serious if proven true. Either way, it makes me grateful I don’t use AT&T.
Source: The Inquirer
Back to original news post