Unveiling the Risks: The AT&T Phone Records Breach

 



From focused wiretaps to bulk surveillance dragnets, cellphone corporations have been at the center of privacy concerns for decades—and their time in the spotlight is not over yet. On Friday, telecom giant AT&T announced that it recently suffered a data breach impacting call and text messaging information of “nearly all” its customers. The company is in the process of notifying about 110 million people that they were affected.

AT&T stated in a US Securities and Exchange Commission (SEC) filing that it learned about the data breach on April 19. Attackers exfiltrated data between April 14 and April 25. The company mentioned in its SEC submission that the US Justice Department authorized delayed disclosure of the breach on May 9 and again on June 5, pending investigation. AT&T added that it’s “working with law enforcement in its efforts to arrest those involved in the incident.” So far, “at least one individual has been apprehended.”

“Yeah, this is really bad,” says Jake Williams, vice president of research and development at the cybersecurity consultancy Hunter Strategy. “What the threat actors stole here are essentially call detail records. These are a gold mine in intelligence analysis because they allow someone to understand networks—who is talking to whom and when. And threat actors have data from previous compromises to map phone numbers to identities. But even without identifying data for a phone number, closed networks—where numbers only communicate with others in the same network—are almost always interesting.”

The incident is significant not only because of its sheer scale and reach but also because AT&T says it’s the latest in a staggering spate of data thefts that resulted from attackers compromising organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers collected its customers’ account credentials in recent months to steal hundreds of millions of records from about 165 Snowflake clients, including Ticketmaster, Santander Bank, and LendingTree’s QuoteWizard.

The AT&T data is from both landline and mobile accounts and spans May 1, 2022, to October 31, 2022. A smaller, undisclosed number of people also had records from January 2, 2023, stolen in the breach. The company said on Friday that the data trove “does not contain the content of calls or texts” and does not include the date and time of communications. However, attackers did make off with phone numbers and a large amount of so-called “metadata” about calls and texts, including who contacted whom, call durations, and tallies of a customer’s total calls and texts. The trove also includes some cell site identification numbers—essentially cell tower data that can be used to approximate a phone’s location when it made or received a call or text.

The data includes some records of individuals who are customers of mobile virtual network operators (MVNOs) that contract with AT&T to use the larger company’s networks and infrastructure for their service. And, crucially, the stolen trove exposes individuals who have no relationship with AT&T when they communicated with an AT&T customer during the relevant time spans.

Source  axios.com

No comments:

Russia Cracks Down on Cybercrime: Wazawaka Arrested for Ransomware Links

  Russia Arrests Infamous Cybercriminal Mikhail Matveev, Known as Wazawaka, for Ransomware Ties Russian authorities have arrested Mikhail Pa...