AT&T, the telecommunications behemoth, has confirmed it will soon alert millions of its users regarding a significant security lapse that resulted in unauthorized access to a vast majority of customer phone records, as disclosed to TechCrunch by a representative of the company.
According to an official release by AT&T, the compromised information encompasses the phone numbers of both mobile and fixed-line clients, alongside AT&T’s detailed logs of calls and SMS interactions — detailing the connections between different numbers — over a span from May 1, 2022, to October 31, 2022.
AT&T also mentioned that a segment of the breached data pertains to records up to January 2, 2023, affecting a smaller, yet indeterminate cluster of clients.
Moreover, the exposure wasn’t confined to AT&T’s direct customers; it also impacted users from other mobile service providers that utilize AT&T’s networking infrastructure, the company confirmed.
Although AT&T said the breach did not compromise the content of communications, the stolen data did include metadata, such as logs of call and text interactions and the cumulative counts and durations of those interactions, without the specific times or dates.
The compromised data also included cell site identifiers linked to calls and messages, which could potentially be used to infer the approximate location of the communications.
AT&T has committed to informing nearly 110 million affected customers about the incident, company spokesperson Andrea Huguely told TechCrunch.
To help customers navigate the issue, AT&T has set up a dedicated online resource and has reported the breach to regulatory bodies, as shown in its regulatory filing.
Intrusion Tied to Snowflake
AT&T said it discovered the data breach on April 19 and that it is distinct from a separate security issue identified in March. The latest compromise traces back to unauthorized access to Snowflake, a widely used cloud-based data storage giant that has been under recent scrutiny for a series of breaches affecting its clientele.
What AT&T was storing on Snowflake, and the decision behind it, remain undisclosed, according to the company spokesperson.
Following similar revelations by Ticketmaster and LendingTree’s QuoteWizard, among others, AT&T joins a growing list of companies acknowledging data thefts from Snowflake’s platform.
Snowflake has attributed these security breaches to its clients not using multi-factor authentication, a security measure it did not require them to enable.
Mandiant, the cybersecurity incident response firm called in by Snowflake, said that about 165 customer accounts experienced substantial data extraction, and attributed the breaches to a financially motivated group known only as UNC5537, with connections across North America and Turkey.
While certain businesses saw their compromised data leaked on illicit forums, AT&T believes its data has not been made publicly accessible as of yet.
AT&T is actively working with law enforcement agencies to apprehend those behind the attack, confirming at least one arrest outside the company. Details regarding the apprehension have been deferred to the FBI.
An FBI spokesperson, following up on the breach, said that disclosure to both the public and affected customers was deliberately delayed in coordination between AT&T, the FBI, and the Department of Justice to mitigate risks to national security and public safety.
This is the second breach AT&T has disclosed this year. The earlier incident led to a forced reset of passcodes for millions of customers after breached encrypted customer account information was found on a cybercrime forum.
Updated with remarks from the FBI.
Compiled by Techarena.au.


