What the AT&T breach means
Marc J. Miller
Senior Product Manager | Product Strategy | Leadership Coach | Customer Research | Scrum | Technical | Business Requirements | Cybersecurity | Integrity | Transparency | Dedication | Value Metrics | Lean Agile
You might have heard already, but if you haven't, it was recently announced that potentially all text message and phone records from a 6-month period in 2022 were leaked. The content of those text messages and calls was not available to attackers, nor were the names of the individuals and companies involved, but the phone numbers used were leaked, which is enough to reverse-lookup who was calling whom.
But your data is already public
Advertisers already know who you are
For decades, data about you has been publicly available. Even the free tools available from Google Analytics allow people to track traffic by:
...and that doesn't even include all the behavioral traffic collected. For example, if you see an ad on a page, the action of sending that ad allows the advertising service to track and collect:
Over the years there has been growing concern that smart speakers were listening in on conversations, but Amazon and others have been adamant that they are only listening for their wake word. Why, then, do you see so much targeted advertising? Advertisers don't need smart speaker data to determine who you are; they already have it.
In fact, the web browsing behavior is what allows advertisers to determine the anonymous user's gender, age, and interests mentioned above.
For example, just knowing the user has accessed several websites related to the same theme allows them to make an educated guess as to who the person is.
Even back in 2016, PBS published an article about "The secret things you give away through your phone metadata" and in 2018 a video was published about additional factors that are used to determine information just by cross-referencing the device with data gathered from other nearby devices.
Even though all of this marketing data has been public, that data has mostly been used for good. The advertising that reaches us is much more relevant than it was 10 years ago. Even though your identity is anonymous, enough about you is known that advertisers literally bid against each other to have access to people just like you.
If you had to choose, would you rather be seeing advertisements for boats, or Barbie dolls? Maybe there's a new treatment for that medical condition; wouldn't you prefer to know about that than a new brand of toilet paper? Or the reverse: maybe you don't have that condition and you would much rather hear about the toilet paper!
The information is also available to people not so benign
If I knew that you regularly call or text with a certain financial service, I could then set the Caller ID to match that phone number and pretend to be that service to make you transfer money to a so-called "secure" account.
Or, I could pretend to be a friend or family member that needs your help.
Or, I could determine who your employer is, and social-engineer my way into your employer's systems by pretending to be the IT Service Desk.
Know how to protect yourself
We don't have much control over what happens to our data once it's out there, so always be suspicious of an out-of-the-blue contact who wants you to do something immediately without thinking it through.
And that's not new. It's been over 10 years since Xfinity called me about a promotion to reduce my internet bill if I prepaid for 24 months now, and the caller had my name, address, and a good guess as to what internet plan I was on. I fortunately didn't fall for it, and a call to Xfinity confirmed they had no such deal. A few times over the past year I was called by a utility provider to pay an overdue account immediately or they would turn off my electricity, and they had my name and former address.
If you get a call you're not expecting that asks you to do something immediately, be suspicious.
Should I be worried?
In two words, probably not, or at least, not any more than you have been in the past. True, the study mentioned in the PBS article linked above was able to determine religious affiliation, pregnancy, heart conditions, and that someone was interested in learning how to grow marijuana. So yes, the information gathered from public sources can be quite revealing. And, as we discussed above, it's always smart to protect yourself.
It's just that now there is a new repository, and someone may try to prove their phony identity using a new source of information -- your 2022 AT&T cell phone records.
Technology & Operations Leader | Site Reliability Engineering Manager | Cloud Operations Manager | DevOps Manager | Organizational & Agile Leader | Mentor | Global | Operational Excellence
8 months ago
Great article, Marc J. Miller. I'm going to repost/share with my network.
Small Business and Startup Advisor, RebootCamp.US
8 months ago
Just got fooled by a "Microsoft Defender" warning about a breach. It annoys me that Zander told me Microsoft knows about this scam and did not warn their customers. I would have been suspicious if it hadn't seemed that the warning prevented me from using my mouse. Being on the Board for a cyber group for almost 3 decades and falling for this irks me! They wanted me to submit a duplicate payment that would allow them to prevent a transfer of funds to a Chinese child porn site because they had no way to stop the payment that I had authorized when the evil person impersonated me. When I said I was on the way to the bank so the rep could explain this amazing concept to the manager there, he hung up. It's tiresome! The people who think up this kind of stuff are smart and could use their brains for good instead of evil.
Product Strategy and GTM || F5 || Ex-NTT || Ex-Equinix
8 months ago
Great work, Marc! Very insightful article.