- How to stream Francis Ngannou vs. Cain Velasquez for free 4 Years Ago
- How to stream the 2019 Daytona 500 for free 4 Years Ago
- 7-year-old YouTuber to get his own show on Nickelodeon Saturday 5:30 PM
- ‘Hipster’ jobs are trending, and Indeed says the market is booming Saturday 3:33 PM
- Trump meme removed after copyright complaint Saturday 2:15 PM
- Facebook pushes back against moderators complaining about ‘Big Brother’ environment Saturday 12:46 PM
- Twitter hid post from an account linked to Iran’s Supreme Leader Saturday 10:17 AM
- How to stream Leo Santa Cruz vs. Rafael Rivera for free Saturday 8:00 AM
- ‘Larry Charles’ Dangerous World of Comedy’ finds the balance between tragedy and comedy Saturday 7:30 AM
- How to stream Michael ‘Venom’ Page vs. Paul Daley for free Saturday 7:00 AM
- How to watch the NBA Dunk Contest 2019 online for free Saturday 6:50 AM
- The best new TV shows to stream this weekend Saturday 6:00 AM
- Bug lets Twitter save your DMs—even after you delete them Friday 7:21 PM
- Guy mansplains song to Japanese Breakfast, the female artist who wrote the song Friday 6:38 PM
- Ann Coulter’s Twitter bio links to a vulgar parody account Friday 5:22 PM
Personal data of 280,000 American AT&T customers stolen in phone-unlocking scam
If you’re an AT&T customer, you may soon get a phone call.
As a result, AT&T will settle with the Federal Communication Commission for $25 million, the largest privacy- and data-security initiative in the Commission’s history.
At play are a number of scams, all centered around one practice. They relied on AT&T’s program of locking many customers’ phones from being used by other carriers, but allowing those phones to be unlocked provided the person holding the phone could input an unlock code.
Those codes are easily available on AT&T’s website for visitors who can input a given customer’s phone number, full name, last four digits of a Social Security number, and phone’s unique IMEI number.
The scam, according to a senior FCC official, was pretty straightforward. AT&T subcontracts out some of its customer service to third-party companies in Mexico, Colombia, and the Philippines. Criminals would contact individuals who worked for those companies and provide them with a phone’s IMEI and phone numbers—often readily available just by looking at a stolen phone—and ask those contracted employees to fill in customers’ names and partial Social Security numbers.
The FCC official was unsure if the stolen information was used for other purposes.
With those generated codes, phone thieves could easily turn a stolen AT&T phone into one that works on any carrier.
The FCC official gave the most details about the scam in Mexico, where some of that stolen personal information was sold off to a group known as “El Pelon,” or “The Fear.” Over a roughly six-month period ending in the spring of 2014, three employees in an AT&T-contracted call center in Mexico sold information on 68,000 accounts without those customers’ authorization. Because inputting customer information can provide someone with up to five AT&T unlock codes, the FCC said those three employees alone led to 290,803 phone unlocking requests.
It’s unclear how many of those were actually used to unlock stolen phones, though, or if those call centers also worked with other American phone providers. The FCC declined to name those companies.
The Philippines and Colombia call centers totalled at least 211,000 recent customer account breaches, the FCC said in a press release.
Correction: The original headline incorrectly stated the number of AT&T customers affected. Nearly 280,000 customers were affected by the scams, according to the FCC.
Illustration by Fernando Alfonso III
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.