AT&T Data Breach (LTE connectivity)

[Critical Habitat]

With the just-announced AT&T Data breach exposing all personal data for EVERY cell phone/data account from every US customer, what is @Ford Motor Company doing to help those with factory AT&T LTE modem accounts we were forced into for connectivity?

They already had a breach in april that exposed 70 million current and former account users.

Sponsored

 

[Wayfaring Ranger]

We didn't need to create AT&T accounts for our ranger connectivity. I don't think this really applies to us.

If anything the hackers have our Ranger's modem MAC address/SIM Card info...I wouldn't really call that sensitive data that we need to be concerned about. They are just unique identifiers.

 

[Critical Habitat]

Maybe, but I'm looking for Ford to explain if/how it affects customers. One has to set up an account with AT&T for continued connectivity and is currently used to link to Fordpass data.
I believe the account is indeed linked to your VIN #.
In-Car Wi-Fi and Wireless Internet Service | AT&T Wireless (att.com)

 

[RR BRRRRT]

Unfortunately our data is stored digitally and no computing system is secure. Your credit card and phone number are more valuable than your SSN.

Here's a privacy issue I had with Ford. I purchased a new 2018 F150. Nobody explained to me that my truck had a cellphone or "modem" installed in it. A few months after purchase, I received a mailer that said "use Fordpass to access your trucks features...." blah blah blah. I didn't think it would work because my truck had that option, or did it?

So I'm sitting in my computer room, download the Fordpass app to my phone, enter the VIN# and my truck appears. Cool. The location says my truck is parked at exactly my street address. WTF. I hit the start button and I hear my truck start up in my garage a few seconds later. To my ignorance, for years I thought this was working off the Wifi or bluetooth of my phone, not the device installed in my truck.

Last year I saw a video online on how to remove or disable your modem. That's when I realized every new truck since 2018 had a cellphone/modem installed in them. Ford is monitoring your driving habits and locations you visit. Are they listening to us too?

I was really angry about this. Nowhere during the buying process was I told a tracking and telematics device was installed in my truck. I am someone who pays attention to privacy and tech stuff and even I didn't know about this at the time. And I bet most Ford owners have no idea as well.

The dealer who sold me my RR made it clear the truck had a modem installed in it and helped me disable some features that are automatically turned on.

 

[Critical Habitat]

All my data was also exposed by the latest ticketmaster fiasco. Signed up for their monitoring and my info is indeed on the dark web for sale. Immediately changed passwords and added two- factor authentication to services/accounts that did not have it previously. If one has AT&T, I suggest also accepting their offer of experian monitoring.

If you've ever had your credit card go on buying sprees in the Chicago area when you know it is in your wallet, you know you have been a cloning or other breech victim. Fortunately, fraud detection locked my card after the criminals went from buying packs of gum and big meals at Wendy's to big purchases at big box stores.

 

[Wayfaring Ranger]

Last year I saw a video online on how to remove or disable your modem. That's when I realized every new truck since 2018 had a cellphone/modem installed in them. Ford is monitoring your driving habits and locations you visit. Are they listening to us too?

I was really angry about this. Nowhere during the buying process was I told a tracking and telematics device was installed in my truck. I am someone who pays attention to privacy and tech stuff and even I didn't know about this at the time. And I bet most Ford owners have no idea as well.

this info, along with your driving stats like instances of hard breaking/hard acceleration etc is being automatically shared with insurance companies too, via LexisNexis.

you can try requesting your entire data file from LN, although I did weeks ago and I haven't heard anything back yet.

the problem is that there ARE useful features that are bundled into this tech. stuff like internal GPS that works better than phone GPS. but you have to agree to everything to get the benefits.

 

[Zackattack2846]

It’s anyone to made a call with anyone who used AT&T as a cell provider.
Not sure why you care about the truck, but yeah unless you have managed to only ever call someone on Verizon or sprint during that time span, get wrekt

 

[SubaruRaptor]

All my data was also exposed by the latest ticketmaster fiasco. Signed up for their monitoring and my info is indeed on the dark web for sale. Immediately changed passwords and added two- factor authentication to services/accounts that did not have it previously. If one has AT&T, I suggest also accepting their offer of experian monitoring.

If you've ever had your credit card go on buying sprees in the Chicago area when you know it is in your wallet, you know you have been a cloning or other breech victim. Fortunately, fraud detection locked my card after the criminals went from buying packs of gum and big meals at Wendy's to big purchases at big box stores.

So the hack only contained your phone number, contact phone numbers of anyone you talked to, and frequency. It didnt contain any data related to what was in texts and stuff. There essentially is no impact, as the data is rather useless outside of eventually exposing cheating spouses and most peoples phone number is already breached.

If you havent, you should go to haveibeenpwned.com and check your email and passwords there. That can tell you a lot about any other breaches you were in, how compromised a given a password is and such.

As far as these hacks go, generally speaking, the vast majority of information that has already been stolen, was stolen from the equifax breach and several others. If you use social media at all, all those details are already being sold by all those companies to ad agencies, so none of your data is exactly secure regardless of the breach or not.

The main thing to be concerned with would be your banking info at this time. Doesnt look like they got that, so outside of just being upset, not much to do here on this hack. General best practice though to help in future breaches, of which there will be plenty, lots of companies do shitty practices with storing data and because end users are stupid and click on every email attachment ever, its pretty easy to hack almost any company, is to enable MFA on all accounts and move to a password manager.

I use Keepass, as its open source and local only. I store all my accounts for everything there and I dont know any of the passwords for any of my accounts becasue I moved to 64 character random strings for everything. On my phone I moved to biometric auth for all apps after the initial password entering, and keep a copy of the keepass database on my phone if I need it. Doing all of this, along with no longer saving credit card information on 3rd party sites + enabling mfa, means for any given breach, i know exactly what accounts were effected and it limits having to mess with the over 200 accounts I have, as I can just go change one password.

For most users that will be hard to do, so the recommendation is, if you dont want to move to a password vault and adopt a similar strategy is that you move to password phrases. Complexity in a password, ie upper lower numeric, and symbols basically means nothing, and from an end suer perspective users are lazy with how they use symbols (a is A, O is 0, e is 3). So just making long passwords is better. yes adding complexity adds entrophy, but you can gain vastly more entrophy by just simply increasing the length and nothing else.

hownowbrowncow, has more entrophy then P@ssw0rd1 as an example. passphrases are also vastly easier for a human to remember because now you can do stuff like mywifehasaphatass or whyispenissosmall or trumpisloserandonlymoronsvotefortrump.

Lastly, Ford isnt liable in this data breach, so they wont do much for you beyond say talk to AT&T. how cyber insurance and responsibility is written and falls, its up to the breached company to handle any fall out from the breach not Ford.

 

[BigMeatsBronco]

So the hack only contained your phone number, contact phone numbers of anyone you talked to, and frequency. It didnt contain any data related to what was in texts and stuff. There essentially is no impact, as the data is rather useless outside of eventually exposing cheating spouses and most peoples phone number is already breached.

If you havent, you should go to haveibeenpwned.com and check your email and passwords there. That can tell you a lot about any other breaches you were in, how compromised a given a password is and such.

As far as these hacks go, generally speaking, the vast majority of information that has already been stolen, was stolen from the equifax breach and several others. If you use social media at all, all those details are already being sold by all those companies to ad agencies, so none of your data is exactly secure regardless of the breach or not.

The main thing to be concerned with would be your banking info at this time. Doesnt look like they got that, so outside of just being upset, not much to do here on this hack. General best practice though to help in future breaches, of which there will be plenty, lots of companies do shitty practices with storing data and because end users are stupid and click on every email attachment ever, its pretty easy to hack almost any company, is to enable MFA on all accounts and move to a password manager.

I use Keepass, as its open source and local only. I store all my accounts for everything there and I dont know any of the passwords for any of my accounts becasue I moved to 64 character random strings for everything. On my phone I moved to biometric auth for all apps after the initial password entering, and keep a copy of the keepass database on my phone if I need it. Doing all of this, along with no longer saving credit card information on 3rd party sites + enabling mfa, means for any given breach, i know exactly what accounts were effected and it limits having to mess with the over 200 accounts I have, as I can just go change one password.

For most users that will be hard to do, so the recommendation is, if you dont want to move to a password vault and adopt a similar strategy is that you move to password phrases. Complexity in a password, ie upper lower numeric, and symbols basically means nothing, and from an end suer perspective users are lazy with how they use symbols (a is A, O is 0, e is 3). So just making long passwords is better. yes adding complexity adds entrophy, but you can gain vastly more entrophy by just simply increasing the length and nothing else.

hownowbrowncow, has more entrophy then P@ssw0rd1 as an example. passphrases are also vastly easier for a human to remember because now you can do stuff like mywifehasaphatass or whyispenissosmall or trumpisloserandonlymoronsvotefortrump.

Lastly, Ford isnt liable in this data breach, so they wont do much for you beyond say talk to AT&T. how cyber insurance and responsibility is written and falls, its up to the breached company to handle any fall out from the breach not Ford.

read up!


https://www.autoblog.com/2023/11/11/appeals-court-rules-carmakers-can-store-data-permanently-and-share-it/#:~:text=A U.S. District Court dismissed,on appeal in late October.

https://fordauthority-com.cdn.amppr...rivacy-lawsuit-dismissed-in-washington-state/

 

[BigMeatsBronco]

With the just-announced AT&T Data breach exposing all personal data for EVERY cell phone/data account from every US customer, what is @Ford Motor Company doing to help those with factory AT&T LTE modem accounts we were forced into for connectivity?

They already had a breach in april that exposed 70 million current and former account users.

this is far worse than the media reports...

"Ford vehicles are able to access and store personal data such as call logs and text messages indefinitely via any phone that connects to the system – even if those records and messages are deleted on the phone in question or disconnected from the vehicle."

 

[Jason B]

Maybe, but I'm looking for Ford to explain if/how it affects customers. One has to set up an account with AT&T for continued connectivity and is currently used to link to Fordpass data.
I believe the account is indeed linked to your VIN #.
In-Car Wi-Fi and Wireless Internet Service | AT&T Wireless (att.com)

That's not true. You only need the AT&T account if you want to use your truck as a WiFi hot spot. Ford Pass works fine without the AT&T account. I HAD an account for a while but canceled it due to it be useless for me.

Edit: I'm in a 5G, maybe different for 6G??

 

[Critical Habitat]

Correct - a formal account needed for WI-FI and advanced connectivity.
But the LTE modem is factory-connected through AT&T as part of your original purchase, unless disabled, and linked to your VIN and fordpass, if you choose to see service info, tire pressure, etc, in the app.
I still am keeping AT&T connectivity for now. Too many features depend on it.

Sponsored