{"id":44058,"date":"2024-07-12T18:17:50","date_gmt":"2024-07-12T22:17:50","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=44058"},"modified":"2024-07-15T10:39:27","modified_gmt":"2024-07-15T14:39:27","slug":"huge-att-data-breach","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2024\/07\/12\/huge-att-data-breach\/","title":{"rendered":"Huge AT&T Data Breach"},"content":{"rendered":"

Zack Whittaker<\/a> ( Hacker News<\/a>):<\/p>\n

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch.<\/p>

In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022. <\/p>

[…]<\/p>

AT&T’s Huguely told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts<\/a> targeting Snowflake’s customers.<\/p><\/blockquote>\n\n

Brian Krebs<\/a>:<\/p>\n

\n

In a written statement shared with KrebsOnSecurity, the FBI confirmed that it asked AT&T to delay notifying affected customers.<\/p>\n

[…]<\/p>\n

Earlier this year, malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with little more than a username and password.<\/p>\n

[…]<\/p>\n

Other companies with millions of customer records stolen from Snowflake servers include Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster.<\/p>\n<\/blockquote>\n\n

Brian Krebs<\/a>:<\/p>\n

\n

AT&T’s SEC filing says some cellular site tower information is also among the data accessed by the intruders, which could be used to determine the approximate location of where a call was made or text message sent.<\/p>\n

This raises an important question: Was the AT&T customer data stolen from a law enforcement portal set up by AT&T? Sure seems like it.<\/p><\/blockquote>\n\n

Joseph Cox<\/a>:<\/p>\n

I’ve also seen a section of the hacked AT&T data. It is incredibly sensitive. The numbers dialed by targets can include apparent family members, businesses, and other places that build a detailed picture of someone’s life. Staggering data breach.<\/p><\/blockquote>\n\n

Update (2024-07-15): Matthew Green<\/a>:<\/p>\n

\n

If you want to avoid disasters like the AT&T breach, there are basically only three solutions:<\/p>\n

    \n\t
  1. Don’t store data<\/li>\n\t
  2. Don’t store unencrypted data<\/li>\n\t
  3. Have security practices like Google<\/li>\n<\/ol>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"

    Zack Whittaker ( Hacker News): U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch.In a statement, AT&T said that the stolen data contains phone numbers of both […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2024-07-12T22:17:54Z","apple_news_api_id":"0fa4210f-d1cf-4a4b-9f3c-bbe1cb21f0be","apple_news_api_modified_at":"2024-07-15T14:39:30Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/AD6QhD9HPSkufPLvhyyHwvg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1394,1755,2622,1347,355,96],"class_list":["post-44058","post","type-post","status-publish","format-standard","hentry","category-technology","tag-att","tag-breach","tag-carrir","tag-federal-bureau-of-investigation-fbi","tag-privacy","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/44058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=44058"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/44058\/revisions"}],"predecessor-version":[{"id":44077,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/44058\/revisions\/44077"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=44058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=44058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=44058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}