US OPERATOR AT&T has been slapped with a $224m lawsuit by a customer who claims the company’s “negligence” led to the theft of almost $24m (£18.9m) in cryptocurrency.
According to Terpin, hackers were twice able to convince AT&T to connect his number to a SIM card they controlled, enabling them to divert his calls and messages to them and to defeat two-factor authentication protections on his accounts.
Terpin alleges that, by bypassing 2FA, the as-yet-unknown hackers were able to take over his Skype account, where they convinced a client to divert a payment to themselves.
The second hack, which came after AT&T agreed to put an additional passcode on his account, saw a fraudster visit an AT&T store in Connecticut and manage to hijack Terpin’s account without providing the code or a “scannable ID” as AT&T requires, the complaint alleges.
Terpin believes the imposter was able to get his to get his phone number from an “insider cooperating with the hacker”
“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewellery in the safe from the rightful owner,’ the complaint says.
“AT&T is doing nothing to protect its almost 140 million customers from SIM card fraud. AT&T is therefore directly culpable for these attacks because it is well aware that its customers are subject to SIM swap fraud and that its security measures are ineffective.
“AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care.”
In a statement, AT&T said: “We dispute these allegations and look forward to presenting our case in court.”
Source : Inquirer