What Happened: U.S. telecommunications company AT&T announced on July 12 that hackers had downloaded call and text message data from its subscribers due to a breach at a third-party cloud platform provided by Snowflake. The stolen data was mostly from 2022 and impacted nearly all of AT&T's 90 million wireless customers, customers of mobile virtual network operators running on the company's networks, and AT&T landline customers who interacted with compromised cell numbers, putting the total number of exposed customers at just under 110 million. Why It Matters: The stolen data does not include what users said on the calls or in the messages, nor does it reveal personal information, such as names, social security numbers or dates of birth, though phone numbers could be matched to names using public databases. In some cases, the stolen data also included estimated locations, providing not only a record of which phone numbers customers were in contact with and for how long, but also where they have been with their smartphones. While AT&T said it does not believe the stolen records have been published online, the hackers could decide to sell them or post them online at any time, posing serious privacy risks for individuals and offering cybercriminals opportunities to conduct new campaigns. For instance, threat actors could use phone numbers users frequently contact to carry out extortion campaigns impersonating banks, family members or employers, and they could use location data for stalking, doxxing or blackmail. Background: AT&T is the latest high-profile customer impacted by the ongoing campaign targeting Snowflake customers that have not implemented multi-factor authentication, though AT&T has not publicly stated whether or not it had implemented multi-factor authentication on its Snowflake account. In April, threat actors began downloading Snowflake databases of at least 165 organizations using credentials obtained with information-stealing malware. The AT&T breach also follows a previous data breach at the company in March that exposed 73 million current customers and former accounts on the dark web. Read More: |