Hackers Steal Phone Records of 'Nearly All' AT&T Customers

[burgman]

Another breach another year or more of free Experian credit monitoring. With all the large companies that have experienced hacks I haven’t paid for monitoring in years. Only hassle so far is script kitty email phishing attempts. A few are very sophisticated but most are laughable. Also laughable is how bad Apple mail is compared to Gmail and Microsoft in dealing with it. This breach contains the same info as data brokers have had for years legally. The earlier AT&T breach is far more serious. A major healthcare breach was just announced, another credit monitoring apology letter incoming 😂

 

[iMac The Knife]

That utilization amount depends on when the credit card company reports to the credit bureaus. If they report just before you pay monthly, your utilization will be high. If they report just after you pay the utilization will be low. Reporting is not done in conjunction with billing cycles.

Paying monthly I would be fairly certain there is not an issue with your utilization.

Right, exactly. I've never had my score lowered due to my credit utilization using the aforementioned approach.

 

[neliason]

AT&T will end up paying some small fine, which goes to the government, not the customers. The CEO will not lose his job and will continue to make millions of dollars each year for his expert oversight. So, this will continue to happen because there is no meaningful liability or accountability.

 

[surfzen21]

I can't wait for my $3.46, sorry check from, AT&T in 2028 and the full investigation.

 

[HMI]

I'm sorry? Does AT&T not have enough of my money and data by now to retain my customer data on their own servers? Why would they need to use a third party for "just metadata", much less with some clown-sounding company named "Snowflake?" Seriously?!

I'm not a security expert, but I'm fairly certain that if I don't want customer data to become accessible to others, then maybe I won't share it with others to begin with!

What the actual.......?

And why does it take nearly 3 months to report something they found in April?
Were they trying to protect their market value from investors for the previous quarter? Hmmmm

Such BS!!

 

[AZhappyjack]

Hackers broke into a cloud platform used by AT&T and accessed the phone records of "nearly all" of its cellular customers, AT&T announced on Friday.

AT&T said the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages across a six-month period between May 1, 2022 and October 31, 2022.

AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller, unspecified number of customers, as well as call records of customers with other cellular carriers that rely on AT&T's network.

Some of the records include cell site identification numbers linked to calls and texts, which can be used to work out the approximate location of where a call was made or message sent.

The downloaded data doesn't include the content of any calls or texts, or their time stamps, according to AT&T. It also doesn't have any details such as Social Security numbers, dates of birth, or other personally identifiable information.

AT&T said it learned of the data breach on April 19, and that it is unrelated to an earlier security incident in March. The company said it does not believe the data is publicly available at this time, and it continues to work with law enforcement to identify and apprehend those involved. At least one person is said to have been arrested.

AT&T told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake's customers. Other companies that have confirmed stolen data from Snowflake include Ticketmaster, QuoteWizard, and others.

Cybersecurity researchers from incident response firm Mandiant say the hacker group is mostly based in the US and those involved are financially motivated.

AT&T customers concerned about phishing and smishing scams should visit the company's support article, which also includes advice on how to protect yourself from online fraud.

Article Link: Hackers Steal Phone Records of 'Nearly All' AT&T Customers

Wow. The data was stolen on April 19. Today is July 12, almost 3 months later and NOW we're finally hearing about it? The FCC and FTC need to fine AT&T out of business. There's no excuse for a 3 month delay in disclosing this information.

 

[sloheim]

Yes, thanks to capitalism:

They still need to compete in the telecom market. If they pass these expensive errors onto their customers, they'll leave, and another competitor will succeed.

So no, they won't pass on these costs. They will become more secure and more efficient.

Where are they going to go? T-Mobile? Just as many data breaches. Verizon? Also, data breaches. Fine them all... and they'll all just keep raising prices.

 

[webkit]

This happened in April and we are just hearing about it? Especially after the other occurred in March?!

Wow. The data was stolen on April 19. Today is July 12, almost 3 months later and NOW we're finally hearing about it? The FCC and FTC need to fine AT&T out of business. There's no excuse for a 3 month delay in disclosing this information.

I believe AT&T is claiming that law enforcement agencies asked them to delay public disclosure while initial investigations were ongoing.

 

[AZhappyjack]

I believe AT&T is claiming that law enforcement agencies asked them to delay public disclosure while initial investigations were ongoing.

Massively annoyed at the entire process... this is nothing more than a crappy excuse, IMO...

 

[Fred Zed]

And they’ll compensate customers by raising prices promising to increase security. What a joke.

Yep that’s the American version of capitalism. A bit like corporations donating to good causes. Yeah right. 🤣

 

[Luposian]

I've been hit by one of those once or twice... I laugh, because I know there is NO such data like that on my phone or on any of my computers. I told the last guy who tried that, to do their worst! Of course, nothing happened. They're assuming they'll find SOMEONE who is actually GUILTY of such activity and has something to hide. But it ain't me. You ain't GETTING my Bitcoin for NUTHIN'!

It's like those pages; "We've found viruses on your computer!" (I've been reading some CNN articles (or maybe click-bait) when they pop up... so annoying) and they scan all these supposed files and .EXE's and .DLLs... except, there's one problem... I WAS ON MY MAC!!! MAC'S DON'T HAVE .EXE's and .DLL's! HAHAHAHAHA! So, now I know they're just "click-traps" and I simply close the Browser tab and figure whatever I was reading when it popped up wasn't that important, to begin with. Kinda like those CNN/Fox News pages that say you have to sign in/up to view the whole article. Nope... not interested. Bye!

 

[tivoboy]

These companies constantly preach to us about security and they allow a hacker in to steal EVERYTHING!

Guess it a bit late happening back in April!

Might not really even be a “hacker”. Apparently at least ONE person is already in custody.. my bet, is some Snowflake company ADMIN who either did this rogue, or let someone else in purposely or unknowingly.

 

[tivoboy]

And they’ll compensate customers by raising prices promising to increase security. What a joke.

Well, the already RAISED prices in between WHEN this occurred and now, so maybe they did that prior to announcing the breach - which they have now KNOW ABOUT SINCE 2022

At some point in the next 90 days EVERY SINGLE AT&T customer will get a 5-10$ bill credit.

 

[mentaluproar]

Hey, for once it's not T-mobile!

 

[6787872]

Except your phone number, IMEI, approximate location at the time of every call/text in a six month timeframe, and who you communicate with the most often and when isn't "metadata" it's PII and for some people this all could be highly sensitive details about themselves. Like was this meant to be a serious comment or did you just leave off the little '/s' sarcasm tag by accident? Because I don't think you know what metadata really is which is more along the lines of info about the size of a file, resolution dimensions of an image, etc. Here's a helpful tip for remembering the difference between PII and metadata: the buyers on the dark web black market have zero interest in paying some data thief to find out how many texts I've sent that were under 100KB in size.

so? this is no concern to anyone that is not a criminal.

you've been watching too many movies.

 

[Black Magic]

Well, the already RAISED prices in between WHEN this occurred and now, so maybe they did that prior to announcing the breach - which they have now KNOW ABOUT SINCE 2022

At some point in the next 90 days EVERY SINGLE AT&T customer will get a 5-10$ bill credit.

yea, but the last time in March, they didn't pay you out. you had to call and remind them to get the $5.

 

[raythompsontn]

Does AT&T not have enough of my money and data by now to retain my customer data on their own servers?

It was not AT&T servers that were compromised. It was a third party. AT&T had already sold your data to another company. That was probably on page 176 on the agreement you signed that gave AT&T permission to sell your data. You did read ALL of the contract, didn't you.

 

[Apleeseed84]

This is why we should all be concerned about our data in the cloud. There is no security up there… especially if China is sending up “weather” balloons and collecting phone records as it traverses some clouds. They need to have fighter jets protecting all of these companies using the clouds.

I mean you don’t even need a weather balloon. If you’re up in the mountains you can reach them easily.

😜

But in all seriousness it’s concerning the number of data breaches happening. It’s practically impossible to not be affected by such breaches these days.

LOL nah, cloud providers only handle the security of the infrastructure, us customers are the ones responsible for securing our own data inside their infrastructure. Therefore they can be secure only as we set them out to be.

 

[ellpee]

I wonder how many people know that these 5G networks were paid for by you the customer through fees that were supposed to be used for fiber internet to the home on a national level?

 

[MTShipp]

This is why I always have my credit reports frozen with all three companies…

There are 4. Innovis is a fourth one you should freeze. I too froze all of mine.

 

[Flight Plan]

Obviously these hackers need to be held accountable but at this stage of our technology development, so do the companies that have been hacked. Not only for being infiltrated, but also for any future losses customers incur from this crime.

The hackers should be punished to within an inch of their lives. THAT is how you stop crime. But it only works if you have due process, which we no longer have in America.

Here come the "pay me $750 in bitcoin or I'll tell your wife about the texts between you and your girlfriend" scams.

As long as they don’t tell my girlfriends about my wives, we’re good!

This is why I’m glad that I live in the EU. Companies are forced to actually give a **** about data security.

No, all you have is more government bureaucracy. There is no “giving a ____ about data security” when you are forced by a government that you had no power in electing to make you do stuff.

It's sad that I agree with you. I should definitely care more, but whatever, I've been dulled to this.

Me too. I’m actually more interested in getting rid of all the political text messages saying “the country is lost”, and ending in “stop=end”.

This is why I always have my credit reports frozen with all three companies and I put everything on my Amex gold card. Never use a debit card for anything, unless you absolutely have to. If there is ever an issue with fraud, and luckily I've only ever dealt with petty fraud on my account once (knock on wood), Amex takes care of it instantly without any hassle.

I may do the freeze thing. But I don’t use credit cards. Debit cards, if they are administered by Visa, Mastercard, or somebody else big, have all the same protections as credit cards. Without the whole “going into debt” thing…which is a no-go for me.

Their c-suite needs a kick in the backend and to then be indicted.

Until management is criminally liable this cycle will continue.

Until we start hanging some hackers, this cycle will continue. But even just throwing them in prison or letting their victims beat them in the street would probably stop the cycle too. As long as we have due process. Which we no longer do.

Time for these companies to have to payout to their customers. Giving the .gov $50 billion in fines and give me some "free" credit monitoring service is crap

Fine the companies, sure. But first, we need to make hacking and scamming a very pain-prone profession. And yes, I do mean physical pain; not just public shaming. There should be a physical punishment component. I’d be happy with putting them in prison and making them work on chain gangs, as long as we don’t let them out of jail when Covid 25 hits and we have lockdowns all over again.

Oh boy, let's find out who the members of Congress and the Supreme Court justices are communicating with. Fun!

Why stop there? Let’s see what our slacker county commissioners, sheriff deputies, USPS mail carriers, and circuit court judges are doing in their spare time. Unelected bureaucrats of all kinds should be included too! While we’re at it, we can violate the constitutional rights of all of our political enemies. The sky is the limit! Well, until they start looking at us, right?

 

[jbachandouris]

Fortunately I log into my bank account obsessively. Found a $99 pending charge. My credit union canceled the transaction and shut off my debit card. So even debit cards can be protected if you have a decent bank.

Apparently it was a charge due to a subscription I didn’t mean to sign up for. Racing club membership (running). Must have checked the wrong box.

So, no fraud.

 

[eltoslightfoot]

Hey, for once it's not T-mobile!

I'd be lying if I didn't have the same thought...

 

[TheRealAlex]

AT&T Keeps the Contents of Your Calls ? How ?

I personally don’t have any AT&T accounts.

 

[BP9906]

Why has Snowflake not been sued into oblivion? Why are users not moving away en masse? This company should no longer exist. Its products are entirely unsafe and not fit for their purpose.

Everyone uses them for data warehouse but they (Snowflake) don’t make it easy to enforce 2FA. Every other company in the news in the last few years is because they’re not using 2FA and people are reusing passwords.

The standard today is:

• 2FA on all accounts
• Password manager everything with unique passwords

Any company or person not doing it is accepting the risk losing personal information for themselves and others.