AT&T is dropping famed hacker-turned-security-expert Kevin Mitnick as a customer because it can’t seem to stop script kiddies from stealing his data. It’s clearly the easier solution, but is it the right one?
“They can’t seem to secure my account,” Mitnick told The Register. “And then instead of doing something about it, they try to kill the messenger and want to boot me off their network when all I want them to do is to secure my account so no one gets access to my phone records.”
Mitnick said the cellular account has been repeatedly breached over the years, despite a wide range of countermeasures he’s followed to prevent the attacks. In recent years, he’s committed the password to memory and has deliberately not shared it with anyone or kept it stored on a computer. …
“There are so many ways into these networks,” he said. “They have to take some responsibility, not just silence the people that are filing complaints.”
An AT&T spokeswoman didn’t immediately have a comment. She said she would have to check whether customer passwords are encrypted when stored on AT&T servers.
Oh, how comforting! Nice to know security is AT&T’s top priority.
Update: And here’s AT&T’s response:
We investigated Mr. Mitnick’s claims and determined they were without any foundation. We refused Mr. Mitnick’s demands for money, but did offer to let him out of his contractual obligations so that he could find a carrier that he would be comfortable with.
We require that any systems containing sensitive information regarding passwords encrypt the data. In addition, we send reminders to our customers explaining the importance of using complex, hard to guess passwords and changing them frequently.