Proof! AT&T Lied. People Are Using Your Credit Cards & Social Security Numbers

Well, just as I posted my previous article saying that AT&T most likely lied, Gizmodo released information from it’s readers saying that when they go to pre-order, AT&T gives them a different shipping address and credit card info!

This is an absolute mess. This is the Gulf Oil Spill of the tech world. Millions of people’s information is accessible to anyone. Your credit cards, Social Security numbers, calling records, and now your address. This is probably AT&T’s biggest security breach, ever.

Now, crashing servers during iPhone launches are nothing new from previous years, but now even it’s customer’s ultra sensitive information is being laid out and they have no clue how to stop it? The only good thing I can see from this is that AT&T has given Apple one more reason to kill their exclusivity contract (if they haven’t already).

Well guys, here’s a some e-mails sent to Gizmodo, laying out their proof on how AT&T lied to us all.

From: Christian du Lac
Subject: whose credit card? not mine
Date: June 16, 2010 12:54:17 AM EDT
To: Jesus Diaz

Great coverage on the iPhone/AT&T disaster.

I was one of the lucky ones who secured an iPhone upgrade — at 2:30am west coast time, after over an hour of server failures, etc.

On a matter perhaps related to the AT&T server software update you reported on today: I have an AT&T Wi-Fi Premium account — the kind that you can use at Starbucks — that I want to cancel, since Starbucks is making wi-fi free in a couple of weeks.

When I enter my account to remove my credit card info, it describes my card as an American Express, and shows a partial account number and expiration date. Problem is, it’s not my card: I haven’t had an Amex account in 12 years. (Screenshot attached).

– Christian

Here’s a second e-mail:

From: Melissa Phillips
Subject: AT&T Security
Date: June 16, 2010 2:20:49 AM EDT
To: Jesus Diaz

Had this happen to me twice when attempting to order through the Apple Store. Once you get to the check out, evidently they will only ship to the AT&T billing address and random addresses have come up.

The first time it happened I was in the Apple Store in Jacksonville and we were about to hit the final check out button when my husband noticed the shipping address was somewhere in Virginia to a name that wasn’t ours. We backed out and were never able to get that far again so we left the store.

Got home and tried again on the Apple website.. not AT&T around 2:00 am, this time it happened again with a different address and having read your article I knew what was up. I took the attached screenshot. Shut the browser down, tried again in a completely different browser and it went through.

Scary to think how many people purchased through Apple website and were so happy that it was finally working that they never noticed the incorrect shipping addresses. On the other had many people are going to be getting some free iphones…

M Phillips

Finally, a third e-mail that has been made public:

From: Gregory Sarrica
Subject: iPhone 4 Order Security Breach E
xposes Personal Information
Date: June 16, 2010 7:24:45 AM EDT
To: Jesus Diaz

I just received an order confirmation yesterday for an iPhone 4 and I did not even order one! I was googling around to see if this happened to anyone else and I found your article on Gizmodo.

This is amazing! I thought it was fake at first but after checking the order status on ATT’s website I knew it was a real order. Now I just wonder if it will come to my house.


  1. T says

    Ok ok so I reserved one on apple and am picking it up from the store, all I entered was phone number , zip, and last 4 digits of social. I hve never even signed into ATT mywireless before, I don’t think I even have an account set up… Am I safe?

    • says

      lol, this sounds like a bad end of the world movie but, no one is safe. If you have ANYTHING, ANYTHING AT ALL to do with AT&T, ur screwed. Apple’s purchasing system checks in with AT&T and logs in to obtain your account info. The only possible way that you are not affected is if you bought your iPhone right from Apple and didn’t want/have an AT&T account. Only if you bought it and didn’t give out your phone number, social, address, zip, or anything.

      The thing of the matter is, even people who didn’t order an iPhone 4 or anything are affected.

      AT&T’s entire user database has been compromised and they are leaking info faster than BP is spilling oil. That’s the fact of the matter.

      According to sources, it looks like AT&T updated their systems over the weekend, but neglected to test it at all, and when people started pre-ordering, then it all went downhill and the updated servers started giving out the information of random people.

      Also, there are always malicious hackers out there and they have been exploiting this loophole to obtain credit card info, addresses, social security numbers, you name it.

      I’m really sorry to be having to tell you all of this but there is a high chance that thousands, if not millions, of people are now at risk of identity theft.

      I would suggest not logging into AT&T at all, checking your credit report, and checking your bank statements very frequently for the next few months.

      This is a huge and very awful thing that has happened, and AT&T can’t find out why this is happening, and until they do, there is little they can do. If they completely shut down access to bringing in new phones, then they lose millions of dollars a day.

      This isn’t going to be pretty.

      Just like with those imbeciles at BP, this is going to hit home, and it’s made a huge mess. The amount of confidential information that has been exposed is unimaginable and AT&T is downplaying it.

      That is the stupidest thing AT&T could have possibly done.

      So, I would really start hoping that you aren’t one of the unlucky ones affected. This issue is still going on, so be careful, and like I said, check your financials very frequently in the coming months.

      I’m sure we will hear of a class-action lawsuit soon against AT&T for compensation, I suggest you get a good lawyer and join in if you see any signs of identity theft.

  2. T says

    Sorry didn’t read your other reply. Ok so how should I go about checking if I was “hacked”? Should I make an AT&T mywireless account? Should I ask my dad to check his credit cards? What am I supposed to do -.- fucking AT&T

    • says

      Yes, as I said, check your credit score and get a credit report very frequently. Get bank statements often as well.

      No, the worst thing you could do is add more info into AT&T.

      There is little you can do, even canceling wouldn’t matter if someone already has your info. Also, AT&T keeps their records for about 30 days.

  3. T says

    well he said that he doesn’t pay with a credit/debit card so I think I’m good. The only time he did was when we bought this iphone. Now I’m just paranoid of everything, fucking AT&T. I was one of the people that said “No No, AT&T is fine, People just like to talk shit about them.” Thanks for proving me wrong AT&T, I was probably your only supporter. So yeah, Thanks for the info Alan. You may have saved us by letting us know to watch out.

    • says

      Oh really? Well its still in the system. Like I said, I’m not trying to scare you or get you paranoid, but trying to prevent anything from happening to (at least) any of our readers.

      Well, as to your AT&T support, I assumed so, lol. Hell, your name is AT&T’s stock symbol, lol. (T – NYSE)

      Yeah, it’s no problem at all. I love doing this and I also like taking good care of our readers by informing them and giving them the heads up as soon as we hear something. A couple of the major news sites just now got wind of this story. It’s sad really.

      I just hope that not too many people’s financials are damaged. However, unfortunately, this hope of mine is most likely not how it is. I’m almost certain thousands (or millions) of people have been affected.

      Hell, if in a couple hours of an AT&T iPad e-mail retrieval exploit resulted in 130,000 email addresses being stolen. Imagine days and full information.

      What a mess.

  4. T says

    They should give free months of service just because they make us worry about our safety. If they don’t resolve this soon, I will beat down the next AT&T employee I see at the mall. ;]

    • says

      Actually, that’s the least they could do. Like I said, I’m sure we’ll hear about a class-action lawsuit soon.

      lolz, I would approve of that if it were AT&T’s CEO for allowing such stupidity to happen, lol. Employees didn’t really have anything to do with it, they were following orders and taking orders, nothing wrong.

      It’s AT&T’s CEO that neglected to tell his software and network teams to check over the updated servers before going live.

      This is 10000000% AT&T’s fault. Apple is only partially at fault, the only reason I say that is because they made the stupid mistake of making the exclusive contract so long.

      They needed a contract to start the iPhone off (after Verizon basically said “Eff you”) but 5 years is too long. I’m sure the contract has been renegotiated (I expect to see a multi-US carrier iPhone in 2011 or late 2010)

  5. T says

    If we all start beating up random employees, they will eventually quit and down with AT&T? haha, I’m kidding of course but I can always dream. :] And yeah I agree completely with this being all AT&T’s fault.

  6. T says

    If I wasn’t so addicted to damn apple products, I could wait for the next iphone on a different carrier but I NEED IPHONE 4! Been nice talking to you Alan, I’m probably off for the day. Keep up the good posts.

    • says

      lol, if I had the cash, I’d be in line on the 24th, lol. You needz, lol. Yeah, right back at ya. Hey, thanks!

      Hope everything turns out fine. Just do what I told you and you should be fine and able to detect any weird things on your credit score and bank pretty quickly and stop them and catch the crook.

Leave a Reply

Your email address will not be published. Required fields are marked *