So saw this: https://www.reddit.com/r/ATT/comments/ivge5u/i_just_got_this_in_the_mail_what_does_this_mean/
Basically looks like some AT&T accounts got compromised. One user said they use a randomly generated password only used on that account. This would imply the breach was not password compromise specific.
So this brings to light the larger security concern. Since AT&T forces equipment to be used, if you happen to use the WiFi on the device and you get compromised by no fault of your own even, your network is now also at risk. As you may be aware AT&T accounts display your router settings, including wifi name and password and even devices connected to your network. They can also be updated/changed. AT&T chose words very careful on the letter posted saying your SSN and credit card info was not obtained.
Imagine this happens and your address is in close enough proximity to the attacker or sold to others that are along with your wifi and wifi credentials and the lan IP of all your devices. Now imagine said person drives near your home. Boom, on your network. And because your att account had access to modify your router, it's not far to imagine they piggy back on that. One could root your router or use access already gained via AT&T and do further attack/damage to you. Even more so since they can get on your lan and look for weaker IoT devices and infect them with something.
Yet another reason folks need to speak up and complain about not allowing BYOD.
It's one thing to make an app that can manage your equipment from being on the local WiFi. It's another for default and force that into the "cloud" where the above can happen or worse...
Oh and just think, if you use the default wifi creds, well, they are out forever. You either need to customize them now to change it or if you for some reason want to keep using the defaults you now need a new router since they are hard-coded lol. Obviously you should change them always anyway but nice to know att allows one thing to be compromised that allows the compromise of another.
↧