The Sweeping Danger of the AT&T Phone Records Breach

From targeted wiretaps to bulk surveillance dragnets, phone companies have been at the center of privacy concerns for decades—and their time in the limelight isn’t over yet. On Friday, telecom giant AT&T announced that it recently suffered a data breach impacting call and text messaging records of “nearly all” its customers. The company is in the process of notifying about 110 million people that they were affected.

AT&T said in a US Securities and Exchange Commission filing that it learned about the data breach on April 19. Attackers exfiltrated data between April 14 and April 25. The company said in its SEC submission that the US Justice Department authorized delayed disclosure of the breach on May 9 and again on June 5, pending investigation. AT&T added that it is “working with law enforcement in its efforts to arrest those involved in the incident.” So far, “at least one person has been apprehended.”

“Yeah, this is really bad,” says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. “What the threat actors stole here are essentially call data records. These are a gold mine in intelligence analysis because they allow someone to understand networks—who is talking to whom and when. And threat actors have data from previous compromises to map phone numbers to identities. But even without identifying data for a phone number, closed networks—where numbers only communicate with others in the same network—are almost always interesting.”

The incident is significant not only because of its sheer scale and reach but because AT&T says it is the latest in a staggering spate of data thefts that resulted from attackers compromising organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers collected its customers’ account credentials in recent months to steal hundreds of millions of records from about 165 Snowflake clients, including Ticketmaster, Santander bank, and LendingTree’s QuoteWizard.

The AT&T data is from both landline and cellular accounts and spans May 1, 2022, to October 31, 2022. A smaller, undisclosed number of people also had records from January 2, 2023, stolen in the breach. The company said on Friday that the data trove “does not contain the content of calls or texts” and does not include the date and time of communications. But attackers did make off with phone numbers and a massive amount of so-called “metadata” about calls and texts, including who contacted whom, call durations, and tallies of a customer’s total calls and texts. The trove also includes some cell site identification numbers—essentially cell tower data that can be used to approximate a cellphone’s location when it made or received a call or text.

The data includes some records of people who are customers of phone carriers—known as “mobile virtual network operators”—that contract with AT&T to use the larger company’s networks and infrastructure for their service. And, crucially, the stolen trove exposes people who have no relationship with AT&T when they communicated with an AT&T customer during the relevant time spans.

Though the breach is not a worst-case scenario in every possible way—the data does not, for example, include identifying customer information like Social Security numbers—it could be a gold mine for attackers looking to construct compelling phishing attacks and other scams to target individuals or specific communities of people. And the breach underscores that even without the contents of communications, leaked metadata still has major implications for people’s privacy and security. This is why privacy advocates have long made a distinction between communication platforms—namely, the secure messaging app Signal—that are designed to generate the absolute bare minimum of metadata, versus other communication platforms that don’t curtail metadata use to the same degree. This even includes other end-to-end encrypted services like WhatsApp.

The Google-owned cybersecurity firm Mandiant investigated the string of Snowflake account intrusions and said in June that financially motivated criminal hackers, tracked under the name UNC5537, are behind the attacks. The group used info-stealing malware to grab credentials for companies’ Snowflake accounts and then easily logged into any accounts that didn’t have two-factor authentication enabled. The security feature was turned off by default on Snowflake accounts. Snowflake has since put new multifactor authentication policies in place.

AT&T emphasizes that it “does not believe” the data stolen in the breach is publicly available. But that doesn’t mean that it poses no threat from the actor that stole it. On Friday, the US Cybersecurity and Infrastructure Security Agency released an alert about the situation. And, though only a handful of victims of the Snowflake rampage have come forward, hackers have already been advertising, trying to sell, and demanding ransoms from impacted companies over data stolen from their Snowflake accounts. Actors including ShinyHunters and another account going by the handle Sp1d3rHunters have been advertising the data on the cybercrime marketplace BreachForums, which was recently resurrected after being taken down by law enforcement, and demanding companies pay millions for the data to be removed.

Additional reporting by Matt Burgess.
