Because most numbers are linked to real names, the records reveal who is close to whom — providing a road map for criminals who pose as friends or relatives to deceive victims. Mimicking text messages from financial institutions could trick account holders into revealing passwords, and workplace relationships could reveal the identities of U.S. spies.
The fact that U.S. intelligence agencies had access to similar call records was one of the most disturbing and impactful revelations by federal contractor Edward Snowden 10 years ago. Now most of it may be sold to criminals or other governments.
AT&T is the largest mobile phone company in the United States, according to Statista, with over 200 million accounts.
AT&T said it was unaware that the materials had been made public and that one arrest had been made. The company said it learned of the theft in April but, at the request of law enforcement for national security or public safety reasons, delayed the disclosure required by recently adopted Securities and Exchange Commission rules. This is the first time such a delay has been disclosed.
Justice Department spokesman Joshua Stubbs confirmed that the FBI had used a provision of the law allowing the delay and said AT&T had cooperated with the investigation. He did not say how the breach affected national security.
The leaked information did not include Social Security or credit card numbers, but it did include cell tower IDs for an undisclosed number of customers, which allow their physical locations to be pinpointed.
Experts warn that even without location data, hackers could unravel relationship networks: criminals targeting prosecutors and police officers could identify their close relatives and use those numbers to find their addresses, as could an ex-lover.
The list also includes numbers of people who are in contact with AT&T users, so “it’s likely that nearly everyone who uses SMS or voice calls in the United States is on the list to some degree,” tech security expert Matt Blades wrote on social media platform Mastodon.
AT&T said the attack began with compromised accounts at Snowflake, a large but little-known cloud data storage company that has seen more than 100 of its corporate customers compromised over the past few months. Bozeman, Montana-based Snowflake said most or all of the victims were not using multi-factor authentication.
“This incident was limited to AT&T Workspaces on the Snowflake cloud platform and did not impact the AT&T network,” the company said, adding that it would notify affected consumers and provide resources to help protect their information.
“We deeply regret that this incident occurred and remain committed to protecting the information under our control,” the company said.
Snowflake, which has denied responsibility for past data breaches and has come under heavy criticism from security experts for being slow to help customers, told The Washington Post on Friday that it is still working on the process to allow customers to require two-factor authentication.
Snowflake customer data has previously been sold on online criminal forums. In a report, Google Cloud’s Mandiant division, one of the security firms hired by Snowflake, said the hackers initially used login credentials obtained through an infostealer, a specialized type of malware that steals sensitive data from corporate or personal devices that have been compromised by other means.
Mandiant said some of the infected devices had downloaded games or pirated software, a common vector for the malware.
The hack marks the latest major security incident for AT&T. The company disclosed that account information for 73 million current and former customers was leaked onto the dark web.
The incident highlights the enormous influence of America’s largest wireless carriers.
The company did not disclose how many customers were affected by the breach, saying only that “nearly all” of its wireless customers and virtual mobile carriers, as well as some AT&T landline customers, were affected.
Snowflake said in a statement from Chief Information Officer Brad Jones that it had found no evidence to suggest a breach of its platform. In a blog post update, the company mentioned a “targeted threat campaign” against some of its customers, but it was not immediately clear whether the campaign was related to the AT&T incident.
“We have not seen any evidence to suggest that this activity was caused by a vulnerability, misconfiguration, or compromise of the Snowflake platform,” Jones said, adding that this was confirmed by Mandiant and CrowdStrike.
AT&T said the hack did not have a significant impact on its operations and would not negatively affect its financial results.