AT&T has had 19,000 customer records stolen from its online store by hackers.
Hackers recently pilfered the personal data of the DSL equipment customers through a known vulnerability. The affected site was shut down within hours of the attack.
AT&T attributed the motive of the attack to a criminal market for illegally obtained personal information, although the data also included customers' credit card details.
The company has not provided details about how the site was hacked, and has notified each customer by email and is now working with law enforcement officials to track down the hacker. AT&T committed to pay for credit monitoring services to protect those customers purchasing Digital Subscriber Line (DSL) equipment online from possible fraud.
Websites with applications such as shopping carts, forms, login pages and dynamic content, in general, are always a prime target for attack. To function fully, web applications require open and direct access to backend databases: if improperly coded, Web applications become easy gateways to social security numbers, credit card details, and even medical records.
Hackers experiment heavily with a wide variety of techniques to lay their hands on this type of data because the pay-offs are enormous.