Massive AT&T data breach impacted nearly every single customer


AT&T has confirmed a massive data breach in 2022 that affected nearly all of its customers. . In 2022, the company had over 110 million wireless subscribers, so yeah, that’s a big deal.

The data breach allowed hackers to steal these people’s phone numbers, text data, and phone records, which once again affected almost their entire customer base, including myself. AT&T will begin notifying consumers of the breach in the near future, committing to notify the 110 million affected customers. The breach occurred over a six-month period from May 1, 2022 to October 31, 2022, but it appears that some data continued to be stolen until January 2, 2023. This latter breach affects a smaller but unspecified number of consumers.

Now, before you start worrying about that embarrassing text you sent your ex back in 2022, AT&T says the breach “did not involve the content of calls or texts.” However, this includes the phone numbers the account has interacted with, as well as the exact number of calls, texts, and call durations otherwise known as metadata. According to AT&T, the time and date of calls or texts were not included in the hack.

However, Javad Malik, a spokesman for the cybersecurity information firm, wrote that the breach also included mobile site identification numbers that “could have allowed the triangulation of users’ locations.” , in a statement to Engadget. Malik also paints a grim picture of what can be done with stolen metadata, writing that it “can create a detailed picture of a person’s daily life, habits and associations, making them a valuable asset to those with malicious intent.”

There is AT&T Released information about the breach and hack for customers Issued prior to the market opening on Friday, July 12. The company says it learned about the problem on April 19 and says it is unrelated. where customer information is published on the dark web.

So how did it happen? AT&T is blaming cloud data partner Snowflake, saying the compromise followed attacks on its business customers. Snowflake enables enterprise customers to store large amounts of customer data in the cloud for analysis. AT&T has not given any reason why it would want to analyze large amounts of customer data or why it would store that data with Snowflake. A company representative declined to provide additional information TechCrunch.

One thing is certain. AT&T isn’t the only company burned by the Snowflake hack recently. Other companies affected include Ticketmaster and QuoteWizard, among more than 160 others. Snowflake, in turn, blamed AT&T and others, saying not every organization uses multi-factor authentication to protect their accounts. So all 160+ companies forgot to turn on multi-factor authentication? You’d think something like this would be mandatory when dealing with large amounts of customer data, but I guess not.

The breach was reportedly traced to an unclassified cybercriminal group known only as UNC5537. . That company suggests financial motives behind the hack.

Despite the breach, AT&T says the stolen data is not currently publicly available. He is currently working with law enforcement agencies and says “at least one person has been arrested.”

This article contains affiliate links; we may earn a commission if you click on such a link and make a purchase.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *