AT&T Confirms Massive Data Breach Impacting Customers and MVNOs

American telecommunications giant AT&T has officially confirmed a significant data breach affecting both its own customers and users of mobile virtual network operators (MVNOs) that run on its network. The stolen records cover the period from May 1 to October 31, 2022, and the breach resulted from threat actors gaining access to an AT&T workspace hosted on a third-party cloud platform.

The stolen data consists primarily of call and text interaction records: the telephone numbers involved, the number of interactions between them, and aggregate call durations for specific timeframes, for both AT&T and MVNO customers. A subset of the records also contains location data, which could be used to approximate where a customer was at the time of a call.

Experts in the cybersecurity community, including Jake Williams, a former NSA hacker and faculty member at IANS Research, emphasized the value of call detail records (CDRs) in intelligence analysis: even without call content, the metadata reveals who talks to whom, how often, and for how long, which is exactly what makes this breach risky.

Notable MVNOs affected by the breach include Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, and others, highlighting the extensive reach of the data breach across the telecom landscape.

While the breach does not expose personally identifiable information such as Social Security numbers or dates of birth, AT&T has warned customers that the stolen phone numbers and contact patterns could be used in targeted phishing and fraud attempts. The company is also cooperating with law enforcement authorities to bring the perpetrators to justice.

The breach has been linked to the wider security incident involving Snowflake, a cloud data warehouse provider that has been in the headlines for breaches affecting entities such as Ticketmaster, Santander, and Neiman Marcus. Investigations into the Snowflake intrusions attribute the campaign to a financially motivated threat actor tracked as UNC5537.

John Binns, a U.S. citizen previously indicted for hacking T-Mobile in 2021, has been connected to the AT&T breach and was reportedly apprehended in Turkey. With the fallout expanding, Snowflake has reinforced its security measures by mandating multi-factor authentication for all users to prevent further credential-based account takeovers.
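For practitioners who run their own Snowflake tenants, the relevant check is whether any enabled user can still log in with a password alone. The following is an added example, not code from the article, from AT&T, or from Snowflake's published guidance. It assumes a role with access to the SNOWFLAKE.ACCOUNT_USAGE views and the privileges to create and apply an authentication policy (ACCOUNTADMIN or equivalent), and the policy name require_mfa_policy is an assumed placeholder. The view and column names and the authentication-policy syntax are Snowflake's as documented at the time of writing.

```sql
-- Added example (not from the article, AT&T, or Snowflake): audit password-only
-- access and then enforce MFA account-wide. Policy name is an assumed placeholder.

-- 1. Enabled, non-deleted users who still have a password and have never
--    enrolled in MFA. These are the accounts a stolen credential alone unlocks.
SELECT name,
       login_name,
       has_password,
       has_rsa_public_key,
       last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND disabled::BOOLEAN = FALSE
  AND has_password = TRUE
  AND ext_authn_duo = FALSE
ORDER BY last_success_login DESC NULLS LAST;

-- 2. Successful logins in the last 30 days that used a password and no second
--    factor, with the source IP and client, for triage of suspicious sessions.
SELECT user_name,
       event_timestamp,
       client_ip,
       reported_client_type,
       first_authentication_factor,
       second_authentication_factor
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
ORDER BY event_timestamp DESC;

-- 3. Enforce MFA enrollment for the whole account. Run this in the schema where
--    you keep security policies; CLIENT_TYPES is left at its default (ALL), which
--    includes SNOWFLAKE_UI as required when MFA_ENROLLMENT = REQUIRED.
CREATE AUTHENTICATION POLICY require_mfa_policy
  MFA_ENROLLMENT = REQUIRED;

ALTER ACCOUNT SET AUTHENTICATION POLICY require_mfa_policy;
```

Queries 1 and 2 are the ones to run first: the ACCOUNT_USAGE views lag by up to a few hours, so a login seen there has already happened, and any account returned by query 1 with a recent password-only login in query 2 deserves a credential reset before the policy in step 3 is applied.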