In a nutshell: Hackers stole more than 100 million AT&T customers’ phone records from 2022. The records from a six-month period contained metadata, including phone numbers, call and text counts, durations, and, in some cases, tower ID numbers. However, the contents of text messages and calls were not accessed.
On Friday, AT&T disclosed a massive data breach that exposed the phone records of nearly all of its 110 million customers. TechCrunch notes that although the company discovered the intrusion on April 19, the records accessed were from between May 1, 2022, and October 31, 2022. More records from January 2, 2023, were also compromised. The data cache contained phone numbers and records of calls and text messages from cellular and landline customers.
The wireless carrier said the breach did not include the content of calls or texts but did reveal metadata, including who contacted whom, the total count of calls and texts, and call durations. Some records also contained cell site identification numbers, which bad actors could potentially use to approximate the location of calls and texts.
The breach also affected customers of other carriers using AT&T’s network, broadening its impact considerably. The company said it would notify its customers affected by the breach but did not mention actions regarding the other affected carriers.
We have an ongoing investigation into the AT&T breach and we’re coordinating with our law enforcement partners.
– The FCC (@FCC) July 12, 2024
Apparently, this intrusion is linked to the recent Snowflake breach. Snowflake is a cloud data provider whose customers, including AT&T, Ticketmaster, and QuoteWizard, suffered from unauthorized access to data stored on the company’s cloud servers. Researchers determined the root cause was a lack of enforced multi-factor authentication (MFA) on Snowflake accounts, leaving them vulnerable to attack.
Cybersecurity firm Mandiant, assisting Snowflake, reported that hackers stole a significant volume of data from roughly 165 customers. They attributed the breach to a cybercriminal group known as UNC5537, with members from North America and Turkey.
In response to the breach, AT&T has been working closely with law enforcement to track down the cybercriminals involved. The company confirmed that at least one person was apprehended, noting that it was not an AT&T employee. As mentioned, the attack occurred in April, but the FBI and the Department of Justice asked AT&T to delay public notification twice due to potential national security and public safety risks. The FCC tweeted that it was also involved and conducting an investigation.
This breach marks AT&T’s second major security incident this year. Earlier, the company had to reset account passcodes after encrypted customer data appeared on a cybercrime forum. The ease with which bad actors could decrypt those passcodes prompted the carrier to take swift protective action, but only after denying the breach for two weeks.
Those concerned can find more information regarding the incident on AT&T’s dedicated website. The company says it continues to work diligently to prevent further unauthorized activities.
Image credit: Mike Mozart