Heaptalk, Jakarta — The American mobile operator AT&T experienced a hack that leaked 110 million users’ data (07/15).
“We only realized the breach on April 19, 2024. However, the leaked data was accessed on May 1, 2022, October 31, 2022, and January 2, 2023. The leaked data includes phone numbers, the number of phone calls and SMS, call durations, and also tower ID numbers,” explained AT&T (07/15).
Fortunately, the leaked data does not include the content of phone calls or SMS but only metadata containing the numbers involved in calls, SMS, and call durations. AT&T is cooperating with law enforcement to address this breach to find the cybercriminals involved. They mentioned that at least one person has been arrested.
Besides AT&T, the data of customers from other mobile operators using the AT&T network was also affected by this hack. The company stated it would inform the affected users of this breach without further explaining the fate of customers of other mobile operators using their network.
“The AT&T data breach is also related to the breach of Snowflake, a cloud data service provider used by AT&T and many other companies,” revealed AT&T. Snowflake also became a victim of hacking, causing the data stored in its cloud servers to be leaked. Security researchers pointed out that the cause of the breach was Snowflake’s failure to activate the multi-factor authentication (MFA) system, making it vulnerable to being hacked.
According to cybersecurity company Mandiant, whose services Snowflake uses, the hacker managed to steal a significant amount of data from around 165 Snowflake customers. The perpetrator is a cybercrime syndicate known as UNC5537, whose members are spread across North America and Turkey.
