Skip to main content

Hackers Steal 19,000 Personal Customer Details from AT&T Online Store

Article Reads:17582

On the 3rd of September 2006, hackers pilfered the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store.
The affected site was shut down within hours of the attack being launched. In a statement, AT&T attributed the motive of the attack to a criminal market for illegally obtained personal information. In fact, the data also included customers credit card details.

To-date, AT&T has not provided details about how the site was hacked, however some unconfirmed reports attribute the website being vulnerable to Cross Site Scripting (XSS).


This attack did not come without cost to AT&T. The company notified each customer by e-mail and is now working with law enforcement officials to track down the hacker. AT&T committed to pay for credit monitoring services to protect those customers purchasing Digital Subscriber Line (DSL) equipment online from possible fraud.


Assessing the security of a website


Websites with web applications such as shopping carts, forms, login pages and dynamic content, in general, are always a prime target for attack. To function fully, web applications require open and direct access to backend databases: if improperly coded, web applications become easy gateways to social security numbers, credit card details and even medical records. Hackers experiment heavily with a wide variety of techniques to lay their hands on this type of data since the pay-offs are enormous.


Acunetix WVS protects against these attacks including Cross Site Scripting and SQL Injection vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications.


An automated check of AT&T’s website (using Acunetix WVS) could have prevented this attack and saved the company from denting its reputation and the subsequent loss of customer trust.


Acunetix provides free audit to help companies determine the security of their websites


Enterprises who would like to have their website security checked can register for a free audit by visiting Participating enterprises will receive a summary audit report showing whether their website is secure or not. Summary reports will be delivered within five business days of submission.

Your IP address:

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any

Network and Server Monitoring

Network and Server Monitoring


Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Bandwidth Monitor

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Security Podcast


Firewall Analyzer

zoho firewall analyzer