Additional security measures have been set in place by the firm to avoid future incidents

Jun 7, 2012 11:56 GMT

A few days ago we reported that CloudFlare representatives reached the conclusion that UGNazi hackers managed to breach their systems by first compromising AT&T. Today, the company’s CEO Matthew Prince has returned with additional details.

“The morning of June 1, AT&T's customer support received a call from the hacker impersonating me. AT&T's logs show that the hacker was not able to answer the account's official security question, but the customer support agent verified the account with the last four digits of my social security number,” he explained.

However, the AT&T account is a corporate one and it shouldn’t have contained Prince’s social security number. Furthermore, he claims that the hackers shouldn’t have been able to access the account based only on that information.

“The hacker asked the voicemail box to be redirected to the phone number (347) 291-1346. That is a landline or VoIP line controlled by Bandwidth.com. That, subsequently, allowed the hacker to fool Google's voice authentication system into leaving the account recovery PIN on my voicemail,” he added.

While the telecoms company continues to investigate the incident, CloudFlare has implemented an additional security measure that requires all individuals who want to access and modify the AT&T account to know a 4-20 digit password.

According to Prince, Google has also done its share to prevent such incidents from occurring in the future.

“Google appears to have removed the voice verification option from the Gmail account recovery process. Given how easy it appears to redirect voicemail, voice calls should not be considered a secure out-of-band channel,” he said.

In addition, Google’s Authenticator app has been implemented for two-factor authentication. This method offers better protection than a system that passes through a mobile service provider’s network.