Tuesday, April 1, 2025

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers, as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network.

"Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023," it said.

This includes telephone numbers with which an AT&T or MVNO wireless number interacted, including telephone numbers of AT&T landline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month.

The dataset also included information about a user's phone activity, possibly allowing malicious actors to pinpoint the approximate location of a target when a call was made or a text message was sent. AT&T said it will alert current and former customers if their information was involved.

According to Jake Williams, a former NSA hacker and instructor at IANS Research, malicious actors have exploited previously compromised data to link cellphone numbers to individuals' identities. "What's alarming is the extent to which actors have stolen CDRs, which contain valuable named entity information crucial for effective intelligence analysis. By leveraging this data, analysts can pinpoint conversations between individuals and track communication patterns."

AT&T's list of MVNOs includes Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, FreedomPop, FreeUp Mobile, Good2Go, H2O Wireless, PureTalk, Red Pocket, Straight Talk Wireless, TracFone Wireless, Unreal Mobile, and Wing.

The name of the third-party cloud provider was not disclosed by AT&T, but Snowflake has since confirmed that the breach was linked to the hack that has impacted other customers, such as Ticketmaster, Santander, Neiman Marcus, and LendingTree.

The corporation became aware of the incident on April 19, 2024, promptly launching a swift and effective response initiative. Additional reports suggest that the organization is actively collaborating with law enforcement agencies on efforts to apprehend those involved, with confirmation that at least one person has been taken into custody.

404 Media reported that a 24-year-old U.S. citizen named John Binns, who was in Turkey in May 2024, has been linked to the security incident, according to three anonymous sources. He was also indicted in the United States for infiltrating T-Mobile's network in 2021 and selling its customer data.

Notwithstanding this, the accessed data does not comprise the substance of phone calls or text messages, nor personal information such as Social Security numbers, birthdates, or other individually identifiable data.

While the data does not include customer names, there are methods, using publicly accessible online tools, that make it possible to find the name associated with a specific phone number. Securities and Exchange Commission (SEC).

Customers should remain vigilant against phishing, smishing, and online fraud by opening text messages only from trusted sources. Customers may also request the phone numbers associated with their calls and text messages contained in the illegally obtained data.

As reported, the attack campaign against Snowflake has affected over 165 customers, with Mandiant, a Google-owned cybersecurity firm, attributing the incident to the financially motivated threat actor UNC5537, which comprises members mainly from North America and collaborates with one additional member based in Turkey.

The cybercriminals are demanding a ransom ranging from $300,000 to $5 million in exchange for the compromised data. As new data emerges, it’s becoming increasingly evident that the aftermath of the cybercrime wave is expanding in magnitude and having a ripple effect.

Wired reported last month that the hackers responsible for the Snowflake data breaches acquired stolen Snowflake login credentials from dark web vendors offering illicit access to username/password combinations, as well as authentication tokens harvested by malware. Access was obtained through a third-party contractor, EPAM Systems.

This week, Snowflake announced that administrators can now enforce mandatory multi-factor authentication (MFA) for all users, aiming to mitigate the risk of account takeovers. Snowflake will soon require MFA for all users in newly created Snowflake accounts.
