I spent a smidgeon over a decade inside at&t, working on various systems and projects. The whole network/platform is a house of cards. If it were built entirely on Swiss cheese, it would have fewer holes.
Luck of the Irish, perhaps, has kept larger issues like this from happening time and time again.
Back when all the user authentication data was held in nis+, and none of the nis+ servers were behind any sort of firewall or even ACL, some clown in SF figured out ... you mean I can become a client of said nis+ server, and download every customer's authentication information? Wow!
Oops!
Wait ... you mean there are root passwords on some servers and routers/network devices that haven't changed in years?
So ... how much you wanna bet, the administrative level password hasn't changed still?
Sadly, the corporate policies defined by the Computer Information Security department should prevent this sort of thing from being possible.
So if at&t can't even be in complete compliance with its own rules & policies, why should we believe at&t is in complete compliance with federal, state, local laws, trade agreements, and so forth?
OP-113! SW-908!
Classic B (BellSouth) management isn't helping. Ass clowns!
It could be worse. In 1998, I observed a competitor based in town that had the ENTIRE CUSTOMER BASE in UNIX passwd files that were available on the ftp server! No! They did not use shadow password security!