If you’re a customer of AT&T, I have some really bad news for you. The telco announced that hackers have swiped data on pretty much all their customers:
We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.
The thing that gets my attention is that this data was on a “third-party cloud platform”. After some hunting around I found this report from TechCrunch where it appears that AT&T has apparently become the latest victim of the Snowflake attacks that have been making the news lately. Ticketmaster for example is reportedly another victim of these Snowflake attacks.
Customers who are affect by this hack, and that to be clear is every AT&T customer, should expect this stolen data to be used to facilitate phishing and other attacks going forward. While AT&T does have a support article that details how you can protect yourself, the fact that all this data is out there is extraordinarily bad. And it will be bad for a long time to come.
UPDATE: John Gunn, CEO, Token had this to say:
This is what economists call a negative externality, the imposing of costs on a party, in this case ATT customers, as a direct effect of the actions of another party, in this case inadequate cybersecurity. The sudden rise in class action lawsuits where large groups of customers sue for huge sums of damages will likely soon be the remedy for this.
Pretty Much Every AT&T Customer Has Had Their Data Stolen By Hackers
Posted in Commentary with tags AT&T, Hacked on July 12, 2024 by itnerdIf you’re a customer of AT&T, I have some really bad news for you. The telco announced that hackers have swiped data on pretty much all their customers:
We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.
The thing that gets my attention is that this data was on a “third-party cloud platform”. After some hunting around I found this report from TechCrunch where it appears that AT&T has apparently become the latest victim of the Snowflake attacks that have been making the news lately. Ticketmaster for example is reportedly another victim of these Snowflake attacks.
Customers who are affect by this hack, and that to be clear is every AT&T customer, should expect this stolen data to be used to facilitate phishing and other attacks going forward. While AT&T does have a support article that details how you can protect yourself, the fact that all this data is out there is extraordinarily bad. And it will be bad for a long time to come.
UPDATE: John Gunn, CEO, Token had this to say:
This is what economists call a negative externality, the imposing of costs on a party, in this case ATT customers, as a direct effect of the actions of another party, in this case inadequate cybersecurity. The sudden rise in class action lawsuits where large groups of customers sue for huge sums of damages will likely soon be the remedy for this.
1 Comment »