Another AT&T Data Breach!

Jul 18, 2024

A breach of an AT&T cloud workspace has exposed phone numbers and metadata relating to calls and texts for nearly all AT&T wireless customers, as well as customers of other popular wireless service providers like Boost Mobile, Cricket Wireless, H2O, and Straight Talk Wireless.

The breach occurred through a third-party cloud platform named “Snowflake”. Leaked Snowflake account credentials have already been the source of hundreds of breaches at other companies, including Ticketmaster, Santander Bank, LendingTree, Advance Auto Parts and Neiman Marcus.

AT&T’s hacker or hackers appear to have accessed its Snowflake (https://www.snowflake.com/en/) cloud workspace between April 14 and April 25 of this year.

During that 11-day window they managed to exfiltrate records (covering May 1 to Oct. 31, 2022, and the day of Jan. 2, 2023) of “nearly all” of AT&T’s cellular customers, along with the numbers of customers of other wireless carriers who exchanged calls or messages with those AT&T customers.

The May to October data includes records of calls and texts, including the phone numbers involved, and information such as the volume and cumulative duration of those calls. The Jan. 2 records also included cell site identification numbers (unique identifiers for cell towers). The cell site identification could potentially allow for the triangulation of users’ physical locations. This data can paint a detailed picture of an individual’s daily life, habits and associations. The exposed data could be exploited for sophisticated phishing attempts, identity theft, and other criminal activities for years to come.

Earlier this year, data belonging to more than 70 million AT&T customers leaked to the Dark Web. The data included all the hallmarks of personally identifying information, like Social Security numbers, mailing addresses, and dates of birth.

AT&T paid the hacker a ransom of $370,000 (negotiated down from $1 million) with the understanding that the criminal would delete all the data he had stolen. The hacker even sent a “video” to AT&T as proof that he had deleted the stolen data from his computer. My opinion… As these cyber criminals are always “fine, upstanding individuals”, I wouldn’t believe a word they said or a video they made.

In a regulatory filing it made to the Securities and Exchange Commission last Friday, AT&T said that it first learned of the breach in April. AT&T has said it will reach out to its customers concerning this breach.

Read the Wired story here:
https://www.wired.com/story/atandt-paid-hacker-300000-to-delete-stolen-call-records/

Thanks to The Verge and Wired for this information.

David Snell joins Rob Hakal and the South Shore’s Morning News every Tuesday morning at 8:11. You can listen in on 95.9 WATD or hear the recording on David’s blog at ACTSmartIT.com.