Hackers Steal Phone Records of 'Nearly All' AT&T Customers

[Dark_Omen]

Seems like every week AT&T is in the news with another breach or outage. They really need to invest in their backend.

I use their backend. You’d be amazed how stupid OPUS is, and they make us use it for pretty much everything. They try to fix one thing but then break another, and then while it’s broken, they’ll tell salesmen to have the customer come back later once it’s fixed, etc.

Or the random errors that prevent a transaction from being completed so you have to start all over again or call into IT and have them fix it.

You can then take one look at the app and see how it’s barely functional, flickers, etc.

The CEO is too busy closing stores and converting others to authorized retail, that their IT department runs around breaking everything with no consequences.

CEO needs to be replaced ASAP, along with the head of IT

 

[Corefile]

When you have experienced loss or damage from said compromise, go get a lawyer. Until then, no harm, no money.

We're the victims of ATT malpractice. It's not about harm as much about trust and absolute accountability. I want to see a company like ATT crashed into the ground for their carefree and shoulder shrugging attitude towards fraud against customers.

 

[Corefile]

Your posts have to be a joke/trolling...right?

Get out of here with your childish retorts. We're trying to discuss real life victims.

 

[Dark_Omen]

What is AT&T’s problem? Are they using a bad cybersecurity company or are they just too cheap to pay for services that will keep our data safe?

They can’t even pay for functional systems, yet alone safe ones. Try using their point of sale system sometime.

 

[DEMinSoCAL]

We're the victims of ATT malpractice. It's not about harm as much about trust and absolute accountability. I want to see a company like ATT crashed into the ground for their carefree and shoulder shrugging attitude towards fraud against customers.

You do realize ATT was not the target of the breach? Since you infer you're a corporate attorney, what malpractice did ATT commit? It was cloud provider SNOWFLAKE that was breached, not ATT.

 

[slippery-pete]

Get out of here with your childish retorts. We're trying to discuss real life victims.

Yes, real life victims!

 

[DEMinSoCAL]

Get out of here with your childish retorts. We're trying to discuss real life victims.

So you ARE joking! 😂

 

[ChrisA]

I can just see the meeting where some AT&T managers got together and asked "Which will cost less, encrpting our data or paying fines and law suits for data breeches?" One of then said "Encrption costs almost nothing except you have to pay an expert to set it up." The others only heard that one phrase "pay and expert" and decided to just go with the fines and lawsuits because that is a future cost, while paying the expert comes out of this quarter's budget.

You all think I'm kidding. No, they obviously were THAT short sighted.

 

[raghu8912]

AT&T will pay $100M in fine, live will be as usual, there wont be any security updates.
they don't care and don't want to spend any money on data security.
Politicians are busy fighting within themselves.

 

[raghu8912]

These companies constantly preach to us about security and they allow a hacker in to steal EVERYTHING!

Guess it a bit late happening back in April!

password length: 12
Special characters allowed: #$(*&
Need at least one Chinese character
at least one Japanese character
one capital letter
4 numbers
numbers can't be in order
can use only 2 numbers in sequence
blah blah blah

basically i have chit sheet for passwords

 

[raythompsontn]

If this were the case, why would a hacker even bother in the first place?

Because the hacker thought they were getting something other than what they got. I doubt a hacker carefully scrutinizes the information before downloading. What the hacker got is probably useless as a device to extract money and is worth little to nothing on the dark web.

 

[roar08]

That’s crazy!! Just curious, what kind if sinister extortion plot kinda stuff can hackers do with such a massive hoard of data?

Probably not sinister but it includes location data and depending on how much of it they have and the shape of the data, they can sell it — probably more than once too.

 

[robbieleffel]

Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.

AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.

Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.

The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.

AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.

Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.

AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.

Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers

That data was encrypted though, right? Right?!

 

[iMac The Knife]

Yes! Credit freeze, and temporary thaw, is so easy to do now, no reason to not do that by default. My debit card is in a drawer. I would question one credit card, though, your credit utilization can be higher, not good for credit score? It’s pretty easy to track usage and possible fraud on 2-3 cards.

I should've mentioned this earlier, but I also pay my two cards off in full every month. This way I don't have to worry about credit utilization.

 

[Analog Kid]

Obviously these hackers need to be held accountable but at this stage of our technology development, so do the companies that have been hacked. Not only for being infiltrated, but also for any future losses customers incur from this crime.

Yep. These things have become too commonplace because businesses aren't incentivized to properly protect their (our) data. Everybody gets a year of free credit score monitoring isn't a sufficient disincentive. If you want something to change, the risk of not changing needs to be high enough to motivate it. The shareholders need to be made to take notice.

 

[Sevendaymelee]

For those who get upset about this... it's just part of the system. If you want privacy, you can not use smartphones and other such devices. You can't even use the internet. You have to go dark yourself. It's the only way.

 

[Gengar]

Were the “furry hackers” behind this as well?

 

[fontman]

Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.

AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.

Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.

The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.

AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.

Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.

AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.

Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers

sad AT&T is a very confused company of who they want to be and have been for years

 

[Mity]

This is why I switched to pre-paid. That way, I don't have to give them my SSN.

 

[tagmut]

Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.

AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.

Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.

The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.

AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.

Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.

AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.

Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers

This happened in April and we are just hearing about it? Especially after the other occurred in March?!

 

[TTTedP]

Yeah, I mean it is true. If you look up these days there’s way more clouds. Because everyone keeps storing things up there. The issue I have is that what goes up eventually comes down… and some people have their entire phones backed up there. I just hope their backups don’t hit me on the head one day. I have enough of a time avoiding bird poo.

and cloud seeding is further proof. They're laying ground work for more storage.

We could start our own QAnon cult!

 

[FineWoven]

Damn I think this period in question was before I ditched AT&T so I worry I may be a victim of what happened. I couldn't get away from that company fast enough and I'm eager to boot their broadband service as well once the promising new player here in town expands their fiber lines out to our neighborhood in the near future, but at least most of the data privacy and service reliability concerns seem to be with their cellular infrastructure. Anyone still willfully subscribing to this incompetent company's phone plans deserves whatever they have coming to them after so many embarrassing incidents in recent months. How they still have any wireless customers left is astounding to me.

 

[FineWoven]

bad but i could care less about old metadata like this

Except your phone number, IMEI, approximate location at the time of every call/text in a six month timeframe, and who you communicate with the most often and when isn't "metadata" it's PII and for some people this all could be highly sensitive details about themselves. Like was this meant to be a serious comment or did you just leave off the little '/s' sarcasm tag by accident? Because I don't think you know what metadata really is which is more along the lines of info about the size of a file, resolution dimensions of an image, etc. Here's a helpful tip for remembering the difference between PII and metadata: the buyers on the dark web black market have zero interest in paying some data thief to find out how many texts I've sent that were under 100KB in size.

 

[raythompsontn]

I should've mentioned this earlier, but I also pay my two cards off in full every month. This way I don't have to worry about credit utilization.

That utilization amount depends on when the credit card company reports to the credit bureaus. If they report just before you pay monthly, your utilization will be high. If they report just after you pay the utilization will be low. Reporting is not done in conjunction with billing cycles.

Paying monthly I would be fairly certain there is not an issue with your utilization.

 

[tennisproha]

And they’ll compensate customers by raising prices promising to increase security. What a joke.