Hackers Steal Phone Records of 'Nearly All' AT&T Customers

[MacRumors]

Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.

AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.

Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.

The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.

AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.

Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.

AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.

Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers

 

[6787872]

bad but i could care less about old metadata like this

 

[spartan1967]

Obviously these hackers need to be held accountable but at this stage of our technology development, so do the companies that have been hacked. Not only for being infiltrated, but also for any future losses customers incur from this crime.

 

[Fuzzball84]

This is why we should all be concerned about our data in the cloud. There is no security up there… especially if China is sending up “weather” balloons and collecting phone records as it traverses some clouds. They need to have fighter jets protecting all of these companies using the clouds.

I mean you don’t even need a weather balloon. If you’re up in the mountains you can reach them easily.

😜

But in all seriousness it’s concerning the number of data breaches happening. It’s practically impossible to not be affected by such breaches these days.

 

[rtkane]

Here come the "pay me $750 in bitcoin or I'll tell your wife about the texts between you and your girlfriend" scams.

 

[Fuzzball84]

bad but i could care less about old metadata like this

It’s amazing how much can be extracted from just meta data.

 

[brofkand]

Seems like every week AT&T is in the news with another breach or outage. They really need to invest in their backend.

 

[Squozen]

This is why I’m glad that I live in the EU. Companies are forced to actually give a **** about data security.

 

[Crowbot]

So we need to be alert for phishing and other scams. Just another Friday.

 

[neuropsychguy]

Here come the "pay me $750 in bitcoin or I'll tell your wife about the texts between you and your girlfriend" scams.

You don't fall for that if your girlfriend is your wife.

 

[zubikov]

That’s crazy!! Just curious, what kind if sinister extortion plot kinda stuff can hackers do with such a massive hoard of data?

 

[Corefile]

So ATT allows customer data to be stolen in one of the biggest fraud heists of all time. ATT should be fined $50 billion for this fraud. They are solely responsible for safeguarding that data and should give their lives for protecting it.

 

[Col4bin]

AT&T says that that no specific, private customer details or content of the actual messages themselves was leaked… Wish I could believe them as it sounds like damage control from the top. As a long-time customer, hope I’m wrong.

 

[rippley5150]

Will AT&T offer free credit motioning for a year ?

 

[gco212]

bad but i could care less about old metadata like this

It's sad that I agree with you. I should definitely care more, but whatever, I've been dulled to this.

 

[txscott]

Why has Snowflake not been sued into oblivion? Why are users not moving away en masse? This company should no longer exist. Its products are entirely unsafe and not fit for their purpose.

 

[JosephAW]

Wondering why AT&T needs to keep two year old records of call data on the cloud instead of moving them to an offline archive 🤔

 

[tridley68]

Never trusted the cloud not even for pictures .

 

[iMac The Knife]

This is why I always have my credit reports frozen with all three companies and I put everything on my Amex gold card. Never use a debit card for anything, unless you absolutely have to. If there is ever an issue with fraud, and luckily I've only every dealt with petty fraud on my account once (knock on wood), Amex takes care of it instantly without any hassle.

 

[mike090910]

Way to often companies pick the wrong contractors and not enough vetting is completed

 

[CharlesShaw]

So, am I correct in assuming that the contents of every text message is being stored by cellular companies for current and former customers, and that all of those will someday be stolen and become available for anyone to search? Similar to a story line in The Morning Show involving company emails

 

[dannyyankou]

I wish Apple would launch an MVNO. I would feel more comfortable with them.

Although it seems nothing too sensitive was hacked here, this could've been a lot worse.

Edit: Apparently the data stolen includes customers of MVNOs. So I guess forget about that idea.

 

[Robert.Walter]

Seems like every week AT&T is in the news with another breach or outage. They really need to invest in their backend.

Their c-suite needs a kick in the backend and to then be indicted.

Until management is criminally liable this cycle will continue.

 

[DMG35]

What is AT&T’s problem? Are they using a bad cybersecurity company or are they just too cheap to pay for services that will keep our data safe?

 

[adrianlondon]

Maybe they'll use that data to set up a better telco.