
Hackers have stolen data of all AT&T cellular plan subscribers, the carrier disclosed in a regulatory filing.
AT&T has published details about the data breach on its portal. It explains that the hackers gained access to call and text logs generated from May 1, 2022, to Oct. 31, 2022, as well as on Jan. 2, 2023. The compromised logs include the phone numbers that the affected users contacted, as well as information about the number and duration of the calls they made.
The stolen records contained the unique identifier of the cell towers that processed users’ communications. According to AT&T, the hackers didn’t gain access to more sensitive data such as affected users’ personal information.
AT&T is working with law enforcement agencies to support their investigation of the breach. It detailed on its support portal that authorities have made at least one arrest in connection with the cyberattack. Separately, the carrier has taken steps to secure the system from which the hackers stole the data.
The breaches weren’t the result of a vulnerability in Snowflake. Rather, Mandiant concluded that the hackers logged into the compromised customer environments using account credentials stolen in earlier cyberattacks. Mandiant said that the environments were breached because the affected customers didn’t refresh their login credentials, implement multifactor authentication or block network traffic from unauthorized sources.
Snowflake updated its platform to reduce the risk that such breaches will happen in the future. It has added a setting that allows administrators to turn on multifactor authentication by default for users. Snowflake rolled out a monitoring dashboard that tracks potential cybersecurity risks such as users with access to more data than they strictly require for their work.
This is not the first time AT&T has disclosed a breach. Earlier, in March, a hacker released a dataset with personal information about more than 73 million current and former AT&T customers. In response to the incident, the carrier reset millions of accounts’ login credentials.
In the latest development, AT&T is alleged to have paid about $370,000 to have customer data relating to nearly all its customers deleted following its theft by the hacking group ShinyHunters.
AT&T is said to have negotiated with an intermediary of ShinyHunters called Reddington to stop the data from being released. The hackers reportedly asked for $1 million originally before AT&T negotiated the amount down; the payment is alleged to have been made in bitcoin on May 17. The claim that a payment of 5.8 bitcoin, the equivalent of $373,646 at the time, was made to a bitcoin wallet ShinyHunters allegedly controls has been confirmed. AT&T has not yet responded to the report.


