Massive AT&T data breach impacted nearly every single customer
The stolen information includes phone numbers and text records.
AT&T just confirmed that a massive data breach in 2022 impacted “nearly all” of its customers, according to a statement provided by TechCrunch. The company had over 110 million wireless subscribers in 2022, so, yeah, this is kind of a big deal.
The data breach allowed hackers to steal phone numbers, text data and phone records from these people which, once again, comprises nearly the entire customer base, myself included. AT&T says it will begin notifying consumers about the breach in the near future, committing to informing the 110 million impacted customers. The breach occurred during a six-month period from May 1, 2022 to October 31, 2022, though it looks like some data kept getting stolen up until January 2, 2023. This latter breach impacts a smaller, though unspecified, number of consumers.
Now, before you start worrying about that embarrassing text you sent an ex back in 2022, AT&T says the breach “does not contain the content of calls or texts.” However, it does include the phone numbers that an account interacted with, as well as a complete count of a customer’s calls, texts and call durations, otherwise known as metadata. The time and date of the calls or texts were not included in the hack, according to AT&T.
However, the breach did include cell site identification numbers, which could “potentially allow for the triangulation of users' locations,” wrote Javvad Malik, a representative from cybersecurity awareness firm KnowBe4, in a statement to Engadget. Malik also painted a grim picture of what could be done with the stolen metadata, writing that it “can paint a detailed picture of an individual's daily life, habits, and associations, making it a valuable asset for those with malicious intent.”
AT&T has published a website with information for customers about the breach and has disclosed the hack in a regulatory filing issued before the market opened on Friday, July 12. The company says it learned of the issue on April 19 and that it has nothing to do with a previous security incident from March, in which customer data was published on the dark web.
So how did this happen? AT&T places the blame on its cloud data partner Snowflake, saying that the compromise occurred after hacks targeted its business customers. Snowflake allows corporate customers to store large amounts of customer data in the cloud for the purpose of analysis. AT&T hasn’t stated any reason as to why it would want to analyze massive amounts of customer data or why it would store this data with Snowflake. A company representative declined to provide further information to TechCrunch.
One thing is certain. AT&T isn’t the only company recently burned by a Snowflake hack. Other impacted companies include Ticketmaster and QuoteWizard, among more than 160 others. Snowflake, for its part, has shifted the blame back to AT&T and the others, saying that each organization didn’t use multi-factor authentication to secure their accounts. So, all 160+ companies forgot to turn on multi-factor authentication? You’d think something like that would be mandatory when dealing with massive amounts of customer data but, well, I guess not.
The breach has been traced back to an uncategorized cybercriminal group known only as UNC5537, according to cybersecurity incident response firm Mandiant. That company suggests financial motivations behind the hack.
Despite the breach, AT&T says that the stolen data isn’t publicly available at this time. It’s currently working with law enforcement and says that “at least one person has been apprehended.”