Information such as phone numbers and text records has been taken without permission.
According to a statement that was provided by TechCrunch, AT&T has confirmed a significant data breach that occurred in 2022 and affected “nearly all” of its subscribers. In 2022, the corporation had more than 110 million wireless users, so it is safe to say that the scale of this breach is considerable.
As a result of the data breach, hackers were able to collect phone numbers, text data, and phone records from these individuals, who, once again, make up virtually the entire client base, including myself. AT&T has stated that it would begin notifying customers about the incident in the near future, and it has committed to informing the 110 million customers who were affected by the theft. The security breach took place over a period of six months, beginning on May 1, 2022 and ending on October 31, 2022; however, it appears that some data continued to be improperly obtained until January 2, 2023. A smaller number of customers are affected by this later activity, although the exact number is unknown.
AT&T has stated that the stolen data “does not contain the content of calls or texts.” That should provide some peace of mind before you start thinking about that awkward text you sent to an ex-girlfriend back in 2022. On the other hand, it does include the phone numbers that an account communicated with, in addition to a comprehensive count of a customer’s calls, messages, and call durations, all of which is referred to as metadata. AT&T claims that the stolen data did not contain the time and date of those calls or texts.
However, the breach did include cell site identification numbers, which might “potentially allow for the triangulation of users’ locations,” according to a statement that was provided to newtechmania by Javvad Malik, a representative from the cybersecurity awareness organization KnowBe4. Malik also painted a bleak picture of what could be done with the stolen metadata. He wrote that it “can paint a detailed picture of an individual’s daily life, habits, and associations, making it a valuable asset for those with malicious intent.”
AT&T announced the intrusion in a regulatory filing made prior to the opening of the market on Friday, July 12. Additionally, the company has launched a website that provides customers with information regarding the breach. The company claims that it became aware of the problem on April 19 and that it is unrelated to a previous security breach that occurred in March, in which client information was made available on the dark web.
How exactly did this come about? AT&T attributes the breach to Snowflake, its cloud data partner, and claims that it occurred after hackers targeted Snowflake’s corporate clients. The Snowflake platform gives business clients the ability to store substantial amounts of consumer data in the cloud for analysis. AT&T has not explained why it wants to analyze enormous volumes of consumer data or why it chose to store this data with Snowflake. A representative of the company told TechCrunch that it would not disclose any additional information.
One thing is certain: AT&T is not the only company that has recently been hacked through Snowflake. Ticketmaster and QuoteWizard are two of the additional companies that have been affected, along with more than 160 others. Snowflake, for its part, has shifted the blame back to AT&T and the other organizations, stating that none of them employed multi-factor authentication to secure their accounts. Do you mean that all of the more than 160 organizations failed to activate multi-factor authentication? When dealing with enormous volumes of consumer data, you would assume that something like that would be required, but I guess that is not the case.
According to the cybersecurity incident response firm Mandiant, the intrusion has been traced back to an uncategorized cybercriminal group known only by the name UNC5537. According to Mandiant, the hack appears to have been financially motivated.
Despite the breach, AT&T has stated that the stolen data is not yet accessible to the general public. The company is now collaborating with law enforcement and has reported that “at least one person has been apprehended.”