
AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack

The data breach exposed records of call and text interactions for nearly all of AT&T’s wireless customers and has been linked to the recent attacks targeting Snowflake customers. The post AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack appeared first on SecurityWeek.

A massive data breach at AT&T that exposed nearly all its wireless customers has been linked to the recent attacks targeting Snowflake customers.

AT&T on Friday said almost all its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024, in which a hacker exfiltrated files containing “records of customer call and text interactions” that took place between approximately May 1 and October 31, 2022, as well as on January 2, 2023.

In an SEC filing, the global telecommunications giant said the stolen data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information. 

“Current analysis indicates that the data includes, for these periods of time, records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network,” the company disclosed in the filing. “These records identify the telephone numbers with which an AT&T or MVNO wireless number interacted during these periods, including telephone numbers of AT&T wireline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month. For a subset of records, one or more cell site identification number(s) are also included.”

The company also explained that while the data does not include customer names, there are ways to find the name associated with a specific telephone number via publicly available online tools.

“While the information that was exposed doesn’t directly have sensitive information, it can be used to piece together events and who may be calling who,” commented Thomas Richards, principal consultant at Synopsys Software Integrity Group. “This could impact people’s private lives as private calls and connections could be exposed. The business phone numbers will be easy to identify and private numbers can be matched to names with public record searches.”

“Using public search or data from other data breaches that is freely accessible on the dark web, it’s possible to connect information and link phone numbers to people and email addresses,” added Tony Anscombe, Chief Security Evangelist for ESET. “This could easily lead to targeted attacks using the knowledge gained from the AT&T attack.”

“If you suddenly get a message claiming to be from a contact you call or text frequently with a ‘this is my new number’ I recommend calling the person on the number you have for them or emailing them to confirm their new number before interacting,” Anscombe continued. “The issue is no longer about a single data breach, it’s about the context it may add to other data that’s already been breached. This combined data set allows cybercriminals to profile individuals for the purposes of spearphishing and potential identity theft.”

While it did report the incident to the SEC, AT&T claims the incident “has not had a material impact on AT&T’s operations, and AT&T does not believe that this incident is reasonably likely to materially impact AT&T’s financial condition or results of operations.”

AT&T has roughly 115 million wireless customers.

How did AT&T get hacked?

AT&T said customer data was “illegally downloaded from our workspace on a third-party cloud platform.” While the company did not specifically name the platform, multiple sources have linked the incident to a recent series of data heists from the Snowflake platform, where attackers compromised hundreds of Snowflake instances.

In June, Mandiant said a financially motivated threat actor tracked as UNC5537 had compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

AT&T said it does not believe that the stolen data is currently publicly available, and that at least one person has been apprehended. 

Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, and State Farm were previously named as potential victims in the Snowflake attack campaign.

*Updated with additional commentary. Removed reference to Progressive as being impacted.
