[WARNING!] AT&T Flaw Provided Hacker Access To Facebook

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Jan 16, 2010.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Apr 2, 2008
    Likes Received:
    Chair moistener.
    If you use Facebook, it might be a good idea to change your password regularly...

    AT&T Flaw Provided Access to Other People?s Facebook Accounts


    A Georgia family found they were logged into other people?s Facebook accounts on their phones last weekend due to a flaw in AT&T?s data routing. The error, seemingly caused by AT&T sending the wrong data to customers, hasn?t been widely reported before.

    According to an Associated Press report, Fran Sawyer and her two daughters visited Facebook on their AT&T phones and found themselves logged into accounts they didn?t recognise. The three sent a mail from one of the unknown accounts to their own Facebook accounts to prove there was an issue.

    The report also cites a second incident in November, where a 25 year old man celebrating Thanksgiving in Vancouver, Washington, found himself logged into a young woman?s Facebook account ? both were using AT&T phones to access the site. When he emailed the woman in question, she replied that she had mysteriously been logged into the man?s account, too.

    The AP writes:

    Generally Web sites and computers are compromised from within? But in this case, it was a security gap between the phone and the Web site that exposed strangers? Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers? phones to Facebook and back.

    AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in ?a limited number of instances? and that a network problem behind those episodes is being fixed.

    Given that there are only two reports of the issue, we?d urge caution on worrying too much about this happening to you. It does, however, raise a new security spectre: regardless of how careful you are with your login information, a routing error at the phone network isn?t something users can guard against.
  2. youngguy

    youngguy BANNED BANNED

    Apr 11, 2009
    Likes Received:
    lol simple answer: DNS Spoofing and most likely it's AT&T's wireless network security thread.
    Last edited: Jan 17, 2010