AT&T is warning of a massive data breach in which threat actors stole the call logs for about 109 million customers, or nearly all of its mobile customers, from an online database on the company’s Snowflake account.
The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April 25, 2024.
In a Friday morning Form 8-K filing with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022 and on January 2, 2023.
The stolen data includes:
- Telephone numbers of AT&T wireline customers and customers of other carriers.
- Telephone numbers with which AT&T or MVNO wireless numbers interacted.
- Count of interactions (e.g., the number of calls or texts).
- Aggregate call duration for a day or month.
- For a subset of records, a number of cell site identification numbers.
The exposed data did not contain the content of the calls or texts, customer names, or any other personal information such as Social Security numbers or dates of birth.
Although the accessed logs don’t contain sensitive information that directly exposes customer identities, the communications metadata can be used to correlate them with publicly available information and easily derive identities in many cases.
The company says that after learning of the breach they worked with cybersecurity experts and notified law enforcement. The US Department of Justice gave AT&T permission twice, on May 9, 2024 and June 5, 2024, to delay public notification due to the potential risks to national security and public safety.
“Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident. In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety,” the FBI told BleepingComputer.
“AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work.”
“The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach.”
AT&T is working with law enforcement to arrest those involved and states that they understand at least one person has already been apprehended.
AT&T said it has implemented additional cybersecurity measures to block unauthorized access attempts in the future, and it promised to notify current and former customers impacted by this incident soon.
Meanwhile, AT&T customers can follow the links provided on this FAQ page to check if their phone number’s data was exposed and to download the data associated with their number that was stolen.
As of today, AT&T says it has no evidence the accessed data has been made publicly available and says the incident is not related to the 2021 data breach that AT&T confirmed earlier this year impacted 51 million customers.
The Snowflake data theft attacks
AT&T has confirmed to BleepingComputer that the data was stolen from its Snowflake account as part of a wave of recent data theft attacks using compromised credentials.
Snowflake is a cloud-based database provider that allows customers to perform data warehousing and analytics on large volumes of data.
Last month, Mandiant revealed that a financially motivated threat actor tracked as ‘UNC5537’ was behind a number of attacks against Snowflake customers, using account credentials stolen via infostealer malware.
Snowflake has since introduced a mandatory multi-factor authentication (MFA) enforcement option for workspace administrators to protect accounts against easy take-overs leading to data breaches impacting millions of people.
The list of high-profile victims to which AT&T is being added now includes Advance Auto Parts, Pure Storage, Los Angeles Unified, Neiman Marcus, Ticketmaster, and Banco Santander.