News
AT&T: ‘nearly all’ of your phone records were leaked in data breach
AT&T has disclosed a massive data breach in which hackers stole phone records and text message metadata for nearly all of its cellular customers from May 2022 to January 2023,
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Imagine a treasure trove of sensitive data brimming with the phone records of nearly every AT&T customer. Now, picture that trove spilling wide open, its contents snatched up by hackers and cybercriminals.
This isn’t a scenario from a dystopian thriller – it’s the grim reality of AT&T’s latest data breach.
In a disclosure that’s left millions on edge, the telecom giant confessed that hackers made off with a staggering haul of phone records spanning six months in 2022.
We’re talking call logs, text message metadata, and even location-tinged details for a vast swath of customers.
If you’re on AT&T, chances are your data is caught up in this mess. A statement on the company’s website explains further what happened:
“We learned that AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform. We started an investigation and engaged leading cybersecurity experts to help us determine the nature and scope of the issue. We have confirmed the access point has been secured.
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.
At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.”
So, how did this security debacle unfold?
What You Need to Know
- The breach occurred between May 1, 2022, and October 31, 2022, and some data from January 2023 was also compromised.
- Stolen data includes phone numbers, call and text logs, and some location-related details.
- AT&T claims the content of calls and texts was not compromised, but the metadata could still be highly revealing.
- The breach affects not only AT&T customers but also those of other carriers that rely on AT&T’s network.
- AT&T stored the compromised data on Snowflake, a cloud platform that has been targeted by a string of recent attacks.
According to BleepingComputer, the whole thing traces back to AT&T’s decision to store sensitive customer data on Snowflake, a cloud-based platform that’s emerged as a prime target for cybercriminals.
In a wave of attacks, hackers exploited weaknesses in Snowflake’s security, stealing a trove of data from AT&T and other affected companies.
The fallout is just beginning. AT&T is notifying the 110 million customers whose data was compromised, and the company claims to be collaborating with law enforcement to track down the culprits.
READ MORE: The best VPN Service (2024)
But with such a vast amount of sensitive data now in the wild, the potential for misuse is staggering.
Scammers and phishers could leverage these call and text records to craft highly targeted attacks, potentially tricking victims into handing over even more sensitive information.
This breach serves as a stark reminder of the risks we face in an era where our personal data is scattered across countless cloud platforms, often with little transparency or oversight.
As AT&T scrambles to contain the damage, its customers wonder: Can we ever truly trust that our data is secure?
Protecting Yourself
While AT&T sorts through this mess, there are steps you can take to safeguard your security:
- Be wary of suspicious calls and texts. Scammers may try to leverage the stolen data to craft convincing phishing attempts.
- Monitor your accounts closely for any signs of unauthorized activity.
- Consider registering for free credit monitoring services, which AT&T is offering to affected customers.
- Demand more transparency from your providers about how your data is stored and secured.
This breach is a wake-up call, highlighting the urgent need for greater accountability and safeguards in an age where our personal data is the ultimate prize for cybercriminals.
As the fallout continues to unfold, one thing is clear: the era of complacency is over. It’s time for both companies and consumers to get serious about strengthening their defenses and reclaiming control over their digital lives. The good old days are over, folks.
Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.
Editors’ Recommendations:
- Ticketmaster’s latest data breach – How to check if you’re affected
- Comcast hit by huge data breach: everything you need to know
- 23andMe urges users to change passwords after major data breach
- Twitter data breach exposes millions of email addresses