AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to “nearly all” of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network.

“Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023,” it said.

The stolen records comprise the telephone numbers with which an AT&T or MVNO wireless number interacted (including telephone numbers of AT&T landline customers and customers of other carriers), counts of those interactions, and aggregate call duration for a day or month.

A subset of these records also contained one or more cell site identification numbers, potentially allowing the threat actors to triangulate the approximate location of a customer when a call was made or a text message was sent. AT&T said it will alert current and former customers if their information was involved.

“The threat actors have used data from previous compromises to map phone numbers to identities,” Jake Williams, former NSA hacker and faculty at IANS Research, said. “What the threat actors stole here are effectively call data records (CDR), which are a gold mine in intelligence analysis because they can be used to understand who is talking to who — and when.”

AT&T’s list of MVNOs includes Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, FreedomPop, FreeUp Mobile, Good2Go, H2O Wireless, PureTalk, Red Pocket, Straight Talk Wireless, TracFone Wireless, Unreal Mobile, and Wing.

The name of the third-party cloud provider was not disclosed by AT&T, but Snowflake has since confirmed that the breach was connected to the hack that’s impacted other customers, such as Ticketmaster, Santander, Neiman Marcus, and LendingTree, according to Bloomberg.

AT&T said it became aware of the incident on April 19, 2024, and immediately activated its response efforts. It further noted that it’s working with law enforcement in their efforts to arrest those involved, and that “at least one person has been apprehended.”

404 Media reported that a 24-year-old U.S. citizen named John Binns, who was previously arrested in Turkey in May 2024, is connected to the security event, citing three unnamed sources. He was also indicted in the U.S. for infiltrating T-Mobile in 2021 and selling its customer data.

AT&T emphasized, however, that the accessed information does not include the content of calls or texts, or personal information such as Social Security numbers, dates of birth, or other personally identifiable information.

“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” it said in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC).

AT&T is also urging users to be on the lookout for phishing, smishing, and online fraud by only opening text messages from trusted senders. In addition, customers can submit a request to get the phone numbers of their calls and texts in the illegally downloaded data.

The malicious cyber campaign targeting Snowflake has landed as many as 165 customers in the crosshairs, with Google-owned Mandiant attributing the activity to a financially motivated threat actor dubbed UNC5537 that encompasses “members based in North America, and collaborates with an additional member in Turkey.”

The criminals have demanded payments of between $300,000 and $5 million in return for the stolen data. The latest development shows that the fallout from the cybercrime spree is expanding in scope and has had a cascading effect.

WIRED revealed last month how the hackers behind the Snowflake data thefts procured stolen Snowflake credentials from dark web services that sell access to usernames, passwords, and authentication tokens that are captured by stealer malware. This included obtaining access through a third-party contractor named EPAM Systems.

For its part, Snowflake this week announced that administrators can now enforce mandatory multi-factor authentication (MFA) for all users to mitigate the risk of account takeovers. It also said it will soon require MFA for all users in newly created Snowflake accounts.
