A major data breach via a third-party cloud platform has exposed phone numbers and metadata related to calls and texts for nearly all AT&T wireless customers, as well as customers of other popular wireless providers. In a recent 8-K filing with the SEC, AT&T disclosed that the breach occurred through the Snowflake cloud platform. Leaked Snowflake account credentials have been the root cause of numerous breaches at other well-known companies such as Ticketmaster, Santander, and Neiman Marcus.
AT&T's delay in reporting this breach has raised eyebrows given the magnitude of the incident. While SEC guidelines mandate that public corporations reveal material data breaches within four days of discovery, AT&T took three months to disclose the breach. The reason for the delay was the direct involvement of the US Department of Justice (DoJ), which deemed it necessary to delay public disclosure. Additionally, at least one individual has been apprehended in connection with the breach.
The hackers behind the breach gained access to AT&T’s Snowflake workspace between April 14 and April 25 of the current year. During this period, they extracted records of customers’ calls and texts from May 1 to October 31, 2022, as well as data from January 2, 2023. The stolen information includes phone numbers, call and text volumes, cumulative call durations, and cell site identification numbers. The breach impacts nearly all of AT&T’s wireless customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T’s network, which likely includes providers like Boost Mobile, Cricket Wireless, H2O, and Straight Talk Wireless.
Earlier this year, data belonging to over 70 million AT&T customers leaked to the Dark Web, compromising sensitive information like Social Security numbers, addresses, and dates of birth. While no stolen data has surfaced on the public web yet, AT&T has warned customers about potential risks. The inclusion of cell site identification numbers in the stolen data could enable the triangulation of users’ locations, leading to targeted social engineering attacks and compromising individuals’ physical security.
Javvad Malik, lead security awareness advocate at KnowBe4, highlighted the dangers of the exposed metadata, which could be used to paint a detailed picture of an individual’s daily life, habits, and associations. This information could facilitate sophisticated phishing attempts, identity theft, and other malicious activities in the future. The aftermath of the breach serves as a stark reminder that the consequences of such incidents can have lasting effects on the affected individuals.
