AT&T Data Breach of 110M Records - Snowflake
AT&T just disclosed a data breach that exposed phone call and text message records for roughly 110 million people. Let’s dive into the details and explore why this is important to understand. Also, this is not just AT&T, its a number of companies, but AT&T seems to be getting the biggest hit in the news.
So, AT&T revealed today that cyber intruders accessed an AT&T workspace on a third-party cloud platform back in April. They managed to download files containing customer call and text interactions between May 1 and October 31, 2022, and even on January 2, 2023. Now, they didn’t get the content of the calls or texts, Social Security numbers, dates of birth, or any other personally identifiable information. But still, this is pretty serious.
According to AT&T, “While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.” So even though your name isn’t directly exposed, it might still be traceable.
the company actually learned of the breach on April 19 but delayed disclosing it because federal investigators requested it for national security and public safety.
According to Techcrunch, the customer data was stolen as part of a larger breach involving more than 160 customers of the cloud data provider Snowflake. Earlier this year, hackers figured out that major companies were uploading sensitive data to Snowflake servers protected with just a username and password. Wired reported that these hackers bought stolen credentials from dark web services selling access to usernames, passwords, and authentication tokens siphoned by information-stealing malware. Snowflake now requires all new customers to use multi-factor authentication, but clearly, the damage has been done.
Some of the other companies affected by these Snowflake data thefts include Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster. This is a widespread issue!
Mark Burnett, an application security architect, said that the only real use for the stolen data is knowing who is contacting whom and how many times. But even that can be pretty invasive. He pointed out that this breach involved metadata, making us wonder about the implications of call logs without timestamps or names.
It’s shocking that so many corporations think it’s okay to store sensitive data with minimal security. Advance Auto Parts, for example, had exposed full names, Social Security numbers, driver’s licenses, and government-issued ID numbers for 2.3 million people who were former employees or job applicants.
So, what can you do?
One - Make sure to use multi-factor authentication wherever possible
Two - Use multiple emails with different applications such as banking, crypto, and other providers, to lower the risk when one of your providers is breached
Three - Use a VPN when possible and a good on-device anti-virus app
Four, and most importantly when talking about mobile - if your a US resident then use a secure mobile service from Efani which resells AT&T and Verizon, and be secure from SIMS swaps, adds privacy, and backs it up with a 5M insurance policy.
Efani Promo Code: www.efani.com/promo
