Hackers broke right into a cloud platform utilized by AT&T and accessed the cellphone information of “nearly all” of its mobile clients, AT&T introduced on Friday.
AT&T stated the stolen information incorporates cellphone numbers of each mobile and landline clients, in addition to AT&T information of calls and textual content messages throughout a six-month interval between Could 1, 2022 and October 31, 2022.
AT&T stated a few of the stolen information consists of more moderen information from January 2, 2023 for a smaller, unspecified variety of clients, in addition to name information of consumers with different mobile carriers that depend on AT&T’s community.
A few of the information embrace cell web site identification numbers linked to calls and texts, which can be utilized to work out the approximate location of the place a name was made or message despatched.
The downloaded information would not embrace the content material of any calls or texts, or their time stamps, based on AT&T. It additionally would not have any particulars similar to Social Safety numbers, dates of delivery, or different personally identifiable info.
AT&T stated it realized of the info breach on April 19, and that it’s unrelated to an earlier safety incident in March. The corporate stated it doesn’t consider the info is publicly out there at the moment, and it continues to work with regulation enforcement to determine and apprehend these concerned. At the least one particular person is alleged to have been arrested.
AT&T informed TechCrunch that the latest compromise of buyer information had been stolen from the cloud information large Snowflake throughout a current spate of information thefts concentrating on Snowflake’s clients. Different corporations which have confirmed stolen information from Snowflake embrace Ticketmaster, QuoteWizard, and others.
Cybersecurity researchers from incident response agency Mandiant say the hacker group is generally primarily based within the US and people concerned are financially motivated.
AT&T clients involved about phishing and smishing scams ought to go to the corporate’s assist article, which additionally consists of recommendation on methods to defend your self from on-line fraud.