Nearly every AT&T customer just had six months of call logs stolen

Posted in iPhone, edited July 12

AT&T has just disclosed another old data breach, with this one exposing nearly every customer's phone call and text message records for a date range spanning six months in 2022.


The company made the disclosure on Friday morning. The company is specific about what got stolen, and believes that the data lifted is not yet publicly available.

Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included.



The breach goes further than just AT&T customers. The data set also includes any number that an AT&T customer interacted with, including landline customers. Also included are total call durations, and counts of calls or texts to any given number.

AT&T says that the data doesn't include contents of calls or texts, or relevant time stamps. Other personally identifiable information, like social security numbers or dates of birth, is not included in the breach either.

At this time, it doesn't appear that AT&T is offering anything else to those impacted other than platitudes -- but it does say in the disclosure filing that there is a way to see what phone numbers were exposed. It has confirmed that the access point where the data was stolen has been secured.

Around 110 million customers, past and present, are impacted by the breach. The company says that it learned about the breach on April 19. In a statement to AppleInsider, AT&T says that it was cooperating with law enforcement in the ongoing investigation, and waited to disclose to avoid "undermining their work."

Like with TicketMaster, the data theft is related to cloud analytics platform Snowflake. As with the rest of the breaches associated with Snowflake, the analytics firm says that it is not responsible, and instead the customers that don't use multi-factor authentication are to blame.

Snowflake does not mandate multi-factor authentication.

This breach is unrelated to an earlier one that the company disclosed in March 2024. In that one, the company reset passcodes for 7.6 million customers, three years after the breach happened.

The breach that the company reported then was denied for three years, after being reported on hacker forums in 2021.

Updated July 12, 8:13 AM: Updated with reasoning from AT&T on why they waited three months to disclose the breach to customers.




Comments

  • Reply 1 of 8
    hodar Posts: 359 member
    Other carriers just cannot buy advertising like this.
  • Reply 2 of 8
    AppleZulu Posts: 2,106 member
    In the current world environment, this is worrying.

    That said, at least for the text data, this highlights the value of those "blue bubbles," which indicate your message is encrypted and going through Apple's messaging servers, not through the cellular sms/mms network affected by this breach.
  • Reply 3 of 8
    linkman Posts: 1,043 member
    Between hacks like this, massive password leaks, companies intruding into your personal info, and the government spying on its citizens the only way left to protect your privacy is to drop off the grid. I give up.
  • Reply 4 of 8
    timpetus Posts: 49 member
    Why do such logs even exist? Oh right, the same reason everything else that sucks about the digital age exists: advertising. 
  • Reply 5 of 8
    anonymouse Posts: 6,932 member
    timpetus said:
    Why do such logs even exist? Oh right, the same reason everything else that sucks about the digital age exists: advertising. 
    No, these records were logs of who was calling and texting who. The FBI was involved early in the investigation and had ATT delay reporting it for national security reasons. These logs were not purposed for advertising. These logs were created by ATT for the security apparatus so they could sift through them and discover chains of connections between people using ATT's services.
  • Reply 6 of 8
    AppleZulu Posts: 2,106 member
    timpetus said:
    Why do such logs even exist? Oh right, the same reason everything else that sucks about the digital age exists: advertising. 
    No, these records were logs of who was calling and texting who. The FBI was involved early in the investigation and had ATT delay reporting it for national security reasons. These logs were not purposed for advertising. These logs were created by ATT for the security apparatus so they could sift through them and discover chains of connections between people using ATT's services.
    To be accurate, such logs were created for billing purposes. For those with short memories, up until recently, telephone companies billed customers per text and per minute for calls, and only slightly further back, calls to numbers outside your immediate area were “long distance,” and billed at a higher rate. Though “unlimited texts and calls” are now more common, the logs are still generated. There may also still be legitimate internal uses for that information. 
  • Reply 7 of 8
    avon b7 Posts: 7,920 member
    AppleZulu said:
    In the current world environment, this is worrying.

    That said, at least for the text data, this highlights the value of those "blue bubbles," which indicate your message is encrypted and going through Apple's messaging servers, not through the cellular sms/mms network affected by this breach.
    I can't see any value to the colours of 'bubbles'.

    WhatsApp, Viber, Signal, Telegram et al all have encryption.

    The colour of bubbles only takes on any kind of significance because Apple decided to muddy the waters for its users by mixing SMS/MMS with an IM app.

    If SMS/MMS were in their own standalone app there would not be an issue.




  • Reply 8 of 8
    anonymouse Posts: 6,932 member
    AppleZulu said:
    timpetus said:
    Why do such logs even exist? Oh right, the same reason everything else that sucks about the digital age exists: advertising. 
    No, these records were logs of who was calling and texting who. The FBI was involved early in the investigation and had ATT delay reporting it for national security reasons. These logs were not purposed for advertising. These logs were created by ATT for the security apparatus so they could sift through them and discover chains of connections between people using ATT's services.
    To be accurate, such logs were created for billing purposes. For those with short memories, up until recently, telephone companies billed customers per text and per minute for calls, and only slightly further back, calls to numbers outside your immediate area were “long distance,” and billed at a higher rate. Though “unlimited texts and calls” are now more common, the logs are still generated. There may also still be legitimate internal uses for that information. 
    I don't think so.

    https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/

    Other companies with millions of customer records stolen from Snowflake servers include Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster.
    Why are all these companies uploading these files to Snowflake with only user name and password protection? (And, this is not necessarily a complete list of companies whose data was stolen, or a complete list of companies that have been putting files on Snowflake.) These aren't company databases. They aren't being used for billing. These are files that multiple companies are placing on Snowflake for convenient access by FBI, CIA, NSA and other agencies who are likely running them through AI sifters to track persons of interest and everyone they communicate with, everything they do, everywhere they go, and probably several layers deep of who those people communicate with and where they go, etc.

    There might be legitimate internal uses for the data, but this data is not on Snowflake for legitimate internal uses.