Security breach: Cyber criminals get hold of data from almost all AT&T customers

The US telephone giant AT&T has to inform millions of consumers about a huge leak. It involves metadata such as call and text message records.


The connection data of several million AT&T customers was hacked in a cyber attack.

(Image: plantic\Shutterstock.com)

This article was originally published in German and has been automatically translated.

AT&T admitted a massive security failure on Friday. "We learned that AT&T customer data was illegally downloaded from our workplace to a third-party cloud platform," the US telecommunications giant said on its website. "We launched an investigation and brought in leading cybersecurity experts to determine the nature and scope of the problem." It turned out "that the downloaded data contained phone call and text message records from nearly all AT&T mobile customers from May 1, 2022 to October 31, 2022 and January 2, 2023." This metadata could be used to identify other telephone numbers "with which an AT&T mobile number interacted during this period". This included landline customers.

According to the company, the compromised data includes cell site identification numbers linked to phone calls and text messages. This information can be used to determine the location of a cell phone user, which in turn can be used to create movement profiles. According to the company, it also contains metadata from customers with telephone services from other mobile phone providers that are based on the AT&T network. The connection information also revealed the number of calls made or text messages sent as well as the total duration of calls for specific days or months.

The contents of the calls and text messages were not part of the downloaded archive, AT&T emphasized. There are also no time stamps. Also not affected are "details" such as social security numbers, dates of birth or other personal information. However, the names of customers assigned to a telephone number could be found using publicly available online tools, for example. According to the network operator, the access point has now been "secured" so that there is currently no risk of a further leak. It is not currently assumed "that the data is publicly available". An AT&T spokeswoman told TechCrunch that around 110 million of its own customers had to be informed about the massive breach.

According to the report, the leak, which was discovered back in April, involved the cloud data giant Snowflake. Snowflake had recently been the target of several attacks in which customer data was illegally copied and in some cases already offered for sale on the darknet. The provider enables its corporate customers to analyze huge amounts of information about end users in the cloud. Ticketmaster (Live Nation), with tickets for Taylor Swift concerts, and QuoteWizard, for example, were affected by the attacks. Snowflake has blamed its customers for the security breaches because they did not use multi-factor authentication to secure their accounts.

"We continue to work with law enforcement to identify those involved" in the data theft, AT&T said. "Based on the information we have, we believe at least one person has been arrested." According to 404 Media, this is the US citizen John Binns, who was recently arrested at his long-time residence in Turkey. In 2021, the cyber crook confessed to breaking into the servers of T-Mobile in the USA, where he was able to access the data of millions of customers relatively easily due to inadequate security precautions.

In a blog post on the Snowflake case, IT security firm Mandiant wrote in June that the cyber gang, known as UNC5537, was made up of individuals "residing in North America and working with another member in Turkey". AT&T has already been forced to reset the passwords of millions of customers this year after their credentials surfaced on a cybercrime forum.

(usz)