AT&T Homepage Mistakenly Warns Users of a Non-Existent Data Breach

The boilerplate FAQ is an interesting peek behind the curtain at how companies prepare for data breaches, and at how they pre-plan their apologies.

|
May 21 2019, 2:44pm

Image: KENA BETANCUR/AFP/Getty Images

On late Monday, AT&T warned visitors on its website of a “data incident” with an ominous banner at the top of the company’s homepage, according to people who visited the page at the time.

“You may be affected by a recent AT&T data incident. Check if your accounts are impacted,” the message said.

The banner linked to a confusing and incomplete FAQ, which also contained a link to a site where users could enter their number to check if they were affected. We tested the tool with one AT&T account and found that it was not affected.

On Tuesday morning, the banner was gone. But the page it linked to, was still live. And people on Reddit and other social media sites were a bit worried.

The page contained a lot of the usual boilerplate language companies use when a data breach happens, but it didn’t actually contain any details.

“Has the incident been contained? TBD” reads one question.

“How many customers were impacted?” reads another question. “We’re still looking into this, but it looks like about [X] customers were affected. We’ll be sure to let them know.”

But an AT&T spokesperson told Motherboard in an email that there's no reason to worry. This was all a mistake.

“We apologize for any confusion or inconvenience,” the spokesperson said. “A message was inadvertently posted to our website during routine testing. The message was quickly taken down.”

Have a tip about a data breach? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv

Regardless, the boilerplate FAQ is an interesting peek behind the curtain at how companies prepare for data breaches, and at how they pre-plan their apologies: "We apologized to all who were affected, and we've taken appropriate steps to help prevent this from happening again," the page said.

False alarms from big companies about cybersecurity incidents are not uncommon—especially this week. On Monday, Gmail sent security alerts to several users telling them someone was logging into their accounts. That, too, was a false alarm.

On one hand, AT&T deserves praise for having a placeholder data breach page ready to go in case of a data breach. On the other, it’s embarrassing that the test page and banner went live by mistake, alarming some users.

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.

Stories