Hackers have successfully stolen records of calls and texts made by a significant number of AT&T’s cellular customers from May to October 2022, using stolen Snowflake account credentials, as confirmed by the company recently.
The stolen data does not contain the content of the calls or texts, nor does it include any personal information such as Social Security numbers or dates of birth. AT&T reassures its customers that typical usage details, like the timestamp of calls or texts, were also not included in the stolen information.
Snowflake, a cloud-based storage and analytics provider utilized by over 9,800 organizations worldwide, has unfortunately been targeted in a series of coordinated data theft campaigns. AT&T is just one of the 160+ organizations affected by these cyber attacks, where threat actors exploited compromised or stolen credentials for Snowflake accounts to gain unauthorized access to sensitive data.
The compromised accounts were reportedly secured only by a password, making it relatively easy for the hackers to access and extract valuable information. AT&T emphasizes that the stolen data primarily consists of records of calls and texts made by nearly all of its cellular customers, including those using AT&T’s wireless network through mobile virtual network operators (MVNOs). The breach also extends to AT&T’s landline customers who interacted with cellular numbers during the specified period.
Although the stolen data does not directly disclose customer names, AT&T acknowledges that public online tools exist that could potentially be used to link specific telephone numbers to individual identities. Nevertheless, the company asserts that the stolen data is not publicly available, and steps have been taken to prevent further unauthorized access.
In response to the breach, AT&T is cooperating with law enforcement to identify and apprehend those responsible for the illegal data theft. Despite the severity of the incident, AT&T clarifies that this breach is unrelated to a previous data leak in April, which affected tens of millions of past and present customers.
Snowflake, the cloud service provider at the center of these breaches, is taking proactive measures to enhance security for its customers. Recognizing the need for stricter security protocols, Snowflake is urging customers to implement additional security measures to prevent similar breaches in the future. The company has enlisted external experts to investigate the incident and has been transparent in sharing updates with the public and its customers to mitigate any potential backlash.
Moving forward, Snowflake understands the importance of bolstering security measures to safeguard customer data and protect its reputation. By prioritizing cybersecurity and empowering customers to enhance their security posture, Snowflake aims to prevent future breaches and maintain the trust of its clientele.