US mobile giant AT&T suffers fresh massive data theft

US mobile giant AT&T suffers fresh massive data theft

According to AT&T, the data downloaded by the hackers did not include the content of calls and messages, nor personal information such as names or social security numbers
According to AT&T, the data downloaded by the hackers did not include the content of calls and messages, nor personal information such as names or social security numbers. Photo: PAU BARRENA / AFP/File
Source: AFP

US mobile operator AT&T reported Friday that hackers had stolen call and message data from virtually all of its customers for six months in 2022 -- around 90 million people.

The company said in a statement that "AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform" and that it had opened an investigation.

It added that the access point used by the hackers "has been secured" and that "based on information available to us...at least one person has been apprehended."

The data mainly comprised records of phone calls and text messages made between May 2022 and October 2022.

These are the phone numbers used by AT&T mobile subscribers, and also, in some cases, location data that could help malicious actors determine where calls were made and text messages sent.

Read also

AI makes writing easier, but stories sound alike

But according to AT&T, the data downloaded by the hackers did not include the content of calls and messages, nor personal information such as names or social security numbers.

"At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved," the company added.

Although Snowflake is not mentioned in the statement, eyes have turned to this cloud platform, which sells data analytics services to large corporations and has recently suffered a wave of data thefts.

A source close to the case confirmed to AFP that the hackers had gained access to the AT&T records via Snowflake.

AT&T already suffered a major cyberattack in March, when the personal data of over 70 million current and former customers was leaked on the dark web.

Read also

Musk's X 'deceives' users with blue checks, EU charges

This is a "second blow to the millions of customers who have already lost trust after having their private information exposed by the company earlier this year," said Darren Guccione, CEO and co-founder at Keeper Security.

Although this time the information is "less sensitive than that disclosed in the previous breach," Guccione recommended that those affected take steps to protect their identity, such as changing their AT&T account password and implementing multifactor authentication.

He further advised customers to monitor their bank accounts, sign up for a dark web monitoring services or freeze their credit "to prevent the approval of new loans or lines of credit" in their name.

The Department of Justice said that it was investigating the incident.

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.