AT&T revealed today that a new data breach exposed call and text message records for approximately 110 million people, nearly all of its customers. The company noted that some records contain data that could identify where calls were made and text messages were sent, and said it delayed disclosing the incident in response to “national security and public safety concerns.” AT&T also acknowledged that customer records were exposed in a cloud database protected only by usernames and passwords (no multi-factor authentication required).
In a regulatory filing with the Securities and Exchange Commission, AT&T announced today that a cyber intruder accessed an AT&T workspace on a third-party cloud platform in April and downloaded files containing customer call and text communications from May 1 to October 31, 2022, and January 2, 2023.
The company said the stolen data included call records and text messages from wireless carriers that resell AT&T services, but did not include the content of calls or text messages, Social Security numbers, dates of birth or other personally identifiable information.
But the company said some of the stolen records included information about the locations of cell phone towers closest to subscribers, and that the data could be used to pinpoint the approximate location of customer devices sending or receiving text messages or calls.
“While the data does not include customer names, there are often ways to find names associated with specific phone numbers using publicly available online tools,” AT&T acknowledged.
AT&T said it learned of the breach on April 19 but delayed disclosing it at the request of federal investigators. At least one person has been detained by authorities in connection with the breach, according to the company’s SEC filing.
In a written statement shared with KrebsOnSecurity, the FBI confirmed that it had asked AT&T to delay notifying affected customers.
“Shortly after identifying the potential breach of customer data and before making a determination of its significance, AT&T contacted the FBI to report the incident,” the FBI statement read. “In assessing the nature of the breach, all parties discussed a possible delay in public reporting under item 1.05(c) of the SEC Rules due to potential risks to national security and/or public safety. AT&T, the FBI and DOJ collaborated throughout the first and second delay processes, during which they shared significant threat information to enhance the FBI’s investigative authority and assist AT&T in its incident response efforts.”
According to TechCrunch, an AT&T spokesman said customer data was stolen as a result of an ongoing data breach involving more than 160 customers of the cloud data provider Snowflake.
Earlier this year, malicious hackers discovered that a number of major companies had uploaded huge amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with just a username and password.
Wired reported last month that the hackers behind the Snowflake data theft had purchased the stolen Snowflake credentials from a dark web service that sells access to usernames, passwords and authentication tokens siphoned off by information-stealing malware. Snowflake said it would now require all new customers to use multi-factor authentication.
Other companies that had millions of customer records stolen from Snowflake’s servers include: Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified School District, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster.
Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged the 2018 data breach involving approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.
Mark Burnett is an application security architect, consultant and author. Burnett said the only real use for the data stolen in the recent AT&T breach is to learn who contacted whom and how many times.
“What concerns me most about AT&T’s leak of customer call and text records is that this is not one of their primary databases – the metadata of who’s in contact with who,” Burnett wrote on Mastodon. “It makes you wonder what the use of call logs without timestamps or names was.”
It’s unclear why so many large companies continue to believe it’s acceptable to store so much sensitive customer data with so few security measures. Advance Auto Parts, for example, said the exposed data included names, Social Security numbers, driver’s license and government ID numbers for 2.3 million people who were former employees or job seekers.
“At the time, AT&T was not aware of the incident, and we are not aware of any other issues that could affect its financial condition or results of operations. At the time, we were not aware of any other issues that could affect its financial condition or results of operations. At the time, we are …