AT&T Has Disclosed a Data Breach Affecting Millions Of Customers

AT&T has recently announced a major data breach that has affected approximately 7.6 million current account holders and 65.4 million former account holders [1]. This breach exposed records of call and text interactions—one of the biggest private communications data breaches in recent times.

If you’re an AT&T customer, it’s important to understand what happened and how it might affect you. Here are the details of the breach and what steps you can take to protect yourself.

How Did AT&T Get Hacked?

AT&T discovered in April that data had been illegally downloaded from a third-party cloud platform called Snowflake. This came about a month after AT&T had been handling a different data leak where customer information was posted on the dark web. AT&T says these two incidents are unrelated.

The company hired experts to look into the breach after a hacker claimed they unlawfully accessed and copied AT&T’s call logs on April 19. AT&T later confirmed that the hackers accessed data between April 14 and April 25.

AT&T was instructed by the U.S. Department of Justice to delay disclosing the breach. The FBI confirmed that the delay in public reporting was made under Item 1.05(c) of the SEC Rule and that it is working with AT&T on the ongoing investigation. AT&T announced the breach via a regulatory SEC filing.

Details about the breach:

  • According to AT&T, nearly all of its wireless subscribers were affected by a breach that took place between April 14 and April 25, 2024. During this incident, a hacker accessed and extracted files containing “records of customer call and text interactions” between approximately May 1 and October 31, 2022, as well as on January 2, 2023.
  • The data exposed did not contain the actual content of calls or texts, nor did it include personal information like Social Security numbers, dates of birth, or other personally identifiable information.
  • However, the stolen metadata revealed the phone numbers that customers texted and called, as well as how frequently they interacted with those numbers.
  • For a subset of records, one or more cell site identification numbers were also included, which could be used to estimate customers’ locations during calls or texts.

This breach highlights the increasing risks of using cloud platforms, as seen in other recent incidents like the Snowflake data breach attacks.

Link to Snowflake Data Breach Attacks

Multiple sources have linked the AT&T breach to a recent series of data heists from the Snowflake cloud data platform, where attackers compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware.

AT&T is one of over 150 companies thought to have had their data stolen from poorly secured Snowflake accounts during a hacking spree in April and May. It was reported that many of these accounts weren’t protected by multi-factor authentication (MFA).

Once hackers had the usernames, passwords, and sometimes authorization tokens, they could easily access the companies’ storage accounts and steal their data. Other companies affected include Ticketmaster, Santander Bank, LendingTree, and Advance Auto Parts. 
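For teams that run their own Snowflake account, the exposure described above (password logins with no second factor) can be audited from Snowflake's account usage views. The queries below are an added example, not part of the original article and not from AT&T or Snowflake; they assume a role with access to the SNOWFLAKE.ACCOUNT_USAGE schema, and the 90-day window is an arbitrary choice.

```sql
-- Added example: audit a Snowflake account for single-factor password access.
-- Assumes the running role can read the SNOWFLAKE.ACCOUNT_USAGE schema.

-- 1) Users that still exist, have a password set, and are not enrolled in MFA.
--    EXT_AUTHN_DUO reflects Duo MFA enrollment. DISABLED is returned so that
--    already-disabled users can be set aside during review.
SELECT
    name,
    disabled,
    has_rsa_public_key,
    password_last_set_time,
    last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND has_password
  AND NOT COALESCE(ext_authn_duo, FALSE)
ORDER BY last_success_login DESC NULLS LAST;

-- 2) Successful logins in the last 90 days that used a password and no
--    second factor, grouped by user, client IP and client type, so that
--    unfamiliar sources of password-only access stand out.
SELECT
    user_name,
    client_ip,
    reported_client_type,
    COUNT(*)             AS password_only_logins,
    MIN(event_timestamp) AS first_seen,
    MAX(event_timestamp) AS last_seen
FROM snowflake.account_usage.login_history
WHERE is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
  AND event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
GROUP BY user_name, client_ip, reported_client_type
ORDER BY last_seen DESC;
```

Rows from the first query are candidates for MFA enrollment or for removal of the password in favor of SSO or key-pair authentication; rows from the second show where password-only access is actually being used.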

Measures Taken After AT&T Security Breach 2024

According to a press release from AT&T, at least one person has already been apprehended.

AT&T paid a hacker from the ShinyHunters group over $300,000 to delete the stolen data and provide a video as proof of deletion. The hacker, part of the ShinyHunters hacking group known for stealing data from unsecured Snowflake cloud accounts, told WIRED that AT&T made the payment in May.

He shared the cryptocurrency wallet address used to send the payment and the one that received it. WIRED verified through an online blockchain tool that a payment of 5.7 bitcoin (worth $373,646 at the time) was made on May 17. It’s unclear who owns those wallets, though.

A security researcher, known only by his online name Reddington, also confirmed that the payment took place. The hacker had asked Reddington to act as a middleman during the negotiation with AT&T, and AT&T paid Reddington a fee for helping out. Reddington showed WIRED proof of this payment. The hacker originally asked AT&T for $1 million but eventually settled for a third of that amount.

Even if the stolen data was deleted, the exposed metadata could still be used by cybercriminals to piece together events, identify relationships between phone numbers, and launch more convincing phishing and social engineering attacks targeting AT&T customers and many others.

AT&T Data Breach 2024 – What to Do

If you’re an AT&T customer affected by the 2024 data breach, it’s important to take a few steps to protect yourself. Although the breach didn’t expose sensitive personal information like Social Security numbers, it did expose phone calls and text records, which could still be used for unwanted activities.

Here’s what you can do:

  1. Check Your AT&T Account: Log in to your AT&T account and monitor for any unusual activity. If you notice anything suspicious, report it immediately to AT&T customer support.
  2. Change Your Password: It’s always a good idea to change your password after a data breach. Make sure your new password is strong and unique. Consider using a password manager to keep track of it securely.
  3. Enable Multi-Factor Authentication (MFA): If you haven’t already, turn on MFA for your AT&T account. This adds an extra layer of security, making it harder for anyone to gain unauthorized access, even if they have your login details.
  4. Be Aware Of Phishing Scams: Hackers often use information from breaches to trick people into giving away more data. Be cautious of any suspicious emails, calls, or texts that ask for personal information or urge you to click on links. AT&T will not ask for sensitive details through these means.
  5. Monitor Your Phone Bill: Keep an eye on your phone bill for any unusual charges. If something seems off, contact AT&T immediately to resolve the issue.
  6. Consider Credit Monitoring: While this breach didn’t expose highly sensitive data, it’s still a good idea to keep an eye on your credit report. Credit monitoring services can alert you to any unusual activity that might suggest identity theft.
  7. Create an Account PIN: If you have not done so, go to your account settings and create an account PIN. This will prevent an attacker from porting your number to another phone carrier.

Taking these steps can help you reduce your risks and better protect your personal information after the AT&T data breach.

FAQ

How Do I Know If I Was Affected By An AT&T Data Breach?

To find out if you were affected by the AT&T data breach, check for any official notification from AT&T. You can also log in to your AT&T account to see if there are alerts. If you’re unsure, contact AT&T customer support for confirmation and further guidance on protecting your information.

Can I Be Compensated For An AT&T Data Breach?

If you’re a current or former AT&T customer whose personal information was exposed in the breach, you might be entitled to compensation through a class action lawsuit. California residents could receive up to $750 under the California Consumer Privacy Act (CCPA). Check for updates on the lawsuit to see if you qualify.

What Information Was Stolen From AT&T?

The information stolen from AT&T includes records of customer calls and text interactions. This means details like the phone numbers you called or texted and how often you interacted with them were exposed. However, no personal information like Social Security numbers, passwords, or the actual content of your calls or texts was stolen.

Who Is Behind The AT&T Hack?

The AT&T hack was carried out by a group called ShinyHunters, known for stealing data from poorly secured cloud accounts. If you’re concerned about data security, the 2Secure team can help you prevent breaches and attacks, ensuring your personal and business information stays safe.

Source:

  1. AT&T Addresses Recent Data Set Released on the Dark Web. (2024, March 30). About.att.com. https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html