Security Briefing: Domains hijacked, AT&T data pwned
A lot of infrastructure and data has been hijacked so far this month, and it does have implications for your self-custody. Let's dive in into this week's briefing.
Domains hijacked for multiple crypto project websites
Much of the crypto ecosystem grappled with hijacked domains last week after their registrar changed hands, researchers said. Affected projects included Compound Finance, Celer Network and Unstoppable Domains.
The wave of attacks is suspected to be the result of an acquisition and subsequent migration. Google Domains sold its assets to Squarespace in 2023. Because customers hadn't yet created email accounts with Squarespace, malicious actors were able to register since email verification was not required, according to reports.
🔑 Key Insight: Unless you're a web developer, the primary way these domain hijackings affect you is through potential phishing attacks. In this case, a malicious actor commandeers the actual domain name to glean your login credentials. Time tends to be a factor so they're also inclined to lure you to the site through emails, which they could also send if they have the domain. Be wary of unsolicited communications even from brands you trust.
AT&T suffers major breach, customer call and text records 'illegally downloaded'
AT&T confirmed on July 12 that call and text records for almost all of its customers were exposed via a third-party data breach. The records were from between May and October of 2022.
While call and text content was not included in the breach, the records contained the telephone numbers an AT&T cellular number interacted with during these periods and AT&T landline numbers that interacted with cellular numbers.
The data had been stored on a third-party cloud storage provider. AT&T said in a statement that it is working with law enforcement and one person has been apprehended so far.
Security tips to help you while traveling to conferences
Security is a lot different when you're on the move, and it's not as simple as hiring a bodyguard. Especially when you attend bitcoin and crypto conferences, the threat model is just as digital as it is physical.
These tips will help you stay savvy before, during, and after the main event, and they're a good refresher for even the seasoned attendee.
Why does self-custody matter so much for your bitcoin? It's the only ownership claim the network recognizes. Hear Jameson explain more in a short video below.
Are you up to date with your security?
The Casa Security Briefing is a free newsletter that summarizes security news with key insights to help you and your bitcoin stay safe. Sign up for free below.