It Would Be Lovely To Head Into The Weekend Without A New Breach For A Change
AT&T have disclosed a SnowFlake related breach which effects around 109 million customers, essentially everyone with an AT&T phone account. The breach contains data that hackers managed to collect from May 1 to October 31, 2022 and again on January 2, 2023. The stolen data includes the phone numbers of not only AT&T customers but also external carriers, likely ones which interacted with one of the breached accounts. The data also includes the number of calls and texts made as well as an daily aggregate of call duration and in some cases cell site IDs the phone connected to.
This could have been much worse, no billing information was collected such as credit cards or addresses. On the other hand, this data is a goldmine for phishing attacks. If someone knows numbers you interact with frequently or have long conversations with, they can now try to impersonate that person to get info or money from you. If you are an AT&T customer, you should expect to hear from them soon.
Via Bleeping Computer:
“In a Friday morning Form 8-K filling with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022 and on January 2, 2023.
The stolen data includes:
Telephone numbers of AT&T wireline customers and customers of other carriers.
Telephone numbers with which AT&T or MVNO wireless numbers interacted.
Count of interactions (e.g., the number of calls or texts).
Aggregate call duration for a day or month.
For a subset of records, one or more cell site identification numbers.”
