‚ AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).‘
https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/
Yes there was a TechCrunch article that went into some detail from this morning. They did not have MFA on their Snowflake data warehouse accounts.
This is absolutely basic level security shit for any organization. People responsible should go to prison.
No replies yet.
