CyberSecurity SEE

Risk and Repeat: AT&T’s Snowflake database compromised

AT&T disclosed a major data breach on July 12. A threat actor gained unauthorized access to customer data stored on a cloud workspace managed by Snowflake, a prominent cloud storage and analytics provider. The compromised data included call and text message records of cellular customers from May 1 to Oct. 31, 2022, as well as information from other customers, such as landline users, who had interacted with the compromised cellular numbers during the same period. According to AT&T’s statement, the breach itself originated in April.

This incident highlighted a broader issue as AT&T was not the only company impacted by a compromise of its Snowflake database instance. In late May, Snowflake reported that a threat actor known as UNC5537 had used stolen credentials against multiple database customers, particularly targeting those without multi-factor authentication (MFA) enabled. The compromised credentials were acquired through various means, including infostealer malware and illicit purchases. AT&T was just one of potentially 165 organizations whose credentials were exposed in this manner.

To address identity threat campaigns like this one, Snowflake introduced new security features. Administrators can now make MFA mandatory, enforce the requirement at the organizational level and monitor compliance. MFA is not currently mandatory for existing customers, but Snowflake announced plans to require it for all new human users in the near future. Experts, however, had mixed opinions on whether these measures were sufficient to safeguard organizations from similar threats.

In response to these developments, TechTarget editors Rob Wright and Alexander Culafi delved into the details of AT&T’s breach and the latest updates on UNC5537’s campaign targeting Snowflake customers on a recent episode of the Risk & Repeat podcast. This ongoing dialogue underscores the evolving nature of cybersecurity threats and the importance of staying informed about the latest developments in data security.

As organizations continue to grapple with the challenges of securing their digital infrastructure, the AT&T breach serves as a reminder of the critical need for robust security measures, including the implementation of multi-layered defenses like MFA. By proactively addressing vulnerabilities and adopting best practices in data security, companies can reduce their risk exposure and better protect sensitive information from malicious actors.
