Security Update: Recent AT&T Data Breach and Important Security Tips
If you check technology news you will likely find dozens of stories about data breaches, ransomware attacks, and systems taken down because of attacks or to prevent data loss. The sheer number of these attacks can be overwhelming and make it hard to keep up with what you need to know.
This post discusses a recent attack that affected about 70 million customers as well as some important security tips that are best practice to help decrease the likelihood you will be the victim of one of these attacks.
Security Update: Recent AT&T Data Breach and Important Security Tips
AT&T Data Breach
In or before 2021, the data of around 70 million AT&T customers was breached, though AT&T has perpetually denied that the data came from them. At the time, the hacker responsible offered to sell the customer data on a hacking platform. Now, several years later and regardless of where the data was originally obtained, many AT&T customers have their data widely available. This data includes names, addresses, phone numbers, dates of birth and social security numbers.
What you can do - Change your AT&T password and verify you do not use the same user ID and password combination at any other site, or also change that account if it was reused. Also, search your email address on a security breach awareness website called "Have I been pwned" at https://haveibeenpwnd.com. This website will alert you to any data breaches that your email address was included in.
For more information about this data breach, read this article.
Important Security Tips
In some ways, it can feel impossible to protect yourself from risk. For example, when a company stores data on an unprotected Amazon storage bucket, and this does happen, there is nothing you could have done to protect against this type of breach. Additionally, when companies you use have hacked credit card terminals, or older, unused accounts are not decommissioned, there is not a lot that the average person can do to protect against these types of data vulnerabilities.
However, if we look at this from another angle, there are lots of things you can do to protect yourself. First, you can use unique user IDs and passwords for everywhere you create credentials. This may seems tedious, or even impossible, but keep in mind the more unique combinations of user IDs and passwords you use, the more you decrease your risk.
Consider having an account with a company that is breached, and through no fault of your own, your credentials are leaked. Every place you have also used these credentials is now at risk. You might think that nobody would guess you bank with X bank, or that who would know your favorite shop is X shop, but the attacks work because hackers test those credentials at thousands of sites in hopes of gaining access.
Yes, of course they are going to focus on major players - think banks as there are not that many, but also places like Amazon, Google, Apple, Uber, and other companies that have billions of user credentials. For hackers, this is merely a numbers game. If they try enough places, they are likely to find somewhere that your credentials work. This is why mixing up user IDs and credentials is one of the single most important things you can do to reduce your exposure and risk.
Another thing you can do, when creating these passwords, is to create them with complex passwords. It is true that if your password is breached by a company you use, having a complex password does not reduce your risk. However, where it does reduce your risk is when hackers try logging into user accounts using the most commonly used passwords, or using password crackers that can break simple passwords in minutes. The more you change up upper and lower case, add symbols and numbers, as well as increasing the length of your password, the longer it will take to crack that password because you have increased the number of possibilities.
A third thing you can do is to try and reduce the number of accounts you create. In reality, this is harder now than it used to be, and often times companies do not allow you to checkout as a guest, but do this where you can to limit the number of accounts you have. This is especially true for places you plan to order from only rarely. Don't allow companies to store your credit cards either, as this is just one more thing you have to worry about if they suffer from an attack.
In addition to the previous items, you always want to be sure you are careful where you input your private information. Verify the website you are on is sending your data securely, using the https protocol.
Keep in mind, you may have to click in the URL bar to verify the https:// precedes the domain name as this often is hidden.
The last thing we always recommend, and we have definitely mentioned before, but we believe is worth repeating again and again is to never reuse the credentials you use for the email you use to create login accounts at other websites. The reason this is so incredibly important is because this is the account you use to reset the password for your other accounts! If you use a simple password for your email and someone accesses your email, they can then use your email to find out where you likely do business by going through your emails. With this information, they can begin resetting important passwords in an effort to gain unauthorized access to your accounts and potentially lock you out.
AT&T's data breach is a perfect example of where something that happened years ago can still affect you today if you do not regularly change your passwords and use unique ID and password combinations with your login accounts. Remember to also create complex and lengthy passwords, have accounts only for accounts you use often, verify a website is secure before entering credentials, and never reuse your email password. These steps will help reduce the risk of your data being breached.
As always, the efforts you make to protect your data pay off in saved time, frustration and sometimes even protect you financially.