LONDON -- Last weekend, hackers pilfered the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T's online store. The affected site was shut down within hours of the attack being launched. In a statement, AT&T attributed the motive of the attack to a criminal market for illegally obtained personal information. In fact, the data also included customers' credit card details.
Todate, AT&T has not provided details about how the site was hacked, however some unconfirmed reports attribute the website being vulnerable to Cross Site Scripting (XSS).
This attack did not come without cost to AT&T. The company notified each customer by e-mail and is now working with law enforcement officials to track down the hacker. AT&T committed to pay for credit monitoring services to protect those customers purchasing Digital Subscriber Line (DSL) equipment online from possible fraud.