US mobile phone company AT&T said on Friday that hackers had stolen call and text data from almost all of its customers for six months in 2022 – about 90 million people.
The company said in a statement that “AT&T customer data was illegally downloaded from our workplace to a third-party cloud platform” and that it had launched an investigation.
He added that the access point used by the hackers “has been secured” and that “based on the information we have…at least one person has been arrested.”
The data mainly included records of phone calls and text messages made between May 2022 and October 2022.
These are the phone numbers used by AT&T mobile subscribers and also, in some cases, location data that could help malicious actors determine where calls were made and where text messages were sent.
AI makes writing easier, but the stories are similar
However, according to AT&T, the data the hackers downloaded did not include the content of calls and messages, or personal information such as names or Social Security numbers.
“At this time, we do not believe the data is publicly available. We continue to cooperate with law enforcement in their efforts to apprehend those involved,” the company added.
While Snowflake was not named in the statement, the cloud platform, which sells data analytics services to large companies and has recently suffered a wave of data theft, has been in the spotlight.
A source close to the case confirmed to AFP that the hackers had gained access to AT&T’s files through Snowflake.
AT&T already suffered a major cyberattack in March, when the personal data of more than 70 million current and former customers was leaked on the dark web.
Musk’s X ‘dupes’ users with blue checks, EU charges
This is a “second blow to the millions of customers who have already lost their trust after the company exposed their personal information earlier this year,” said Darren Guccione, CEO and co-founder of Keeper Security.
Although this time the information is “less sensitive than what was exposed in the previous breach,” Guccione recommended that those affected take steps to protect their identities, such as changing their AT&T account passwords and implementing multi-factor authentication.
It also advises customers to monitor their bank accounts, sign up for dark web monitoring services or freeze their credit “to prevent new loans or lines of credit from being approved” in their name.
The Justice Department said it was investigating the incident.
Source: AFP