[ad_1]
\n<\/p>\n
AT&T just confirmed a massive data breach in 2022 that impacted \u201cnearly all\u201d of its customers, according to a <\/em><\/a>. The company had over 110 million wireless subscribers in 2022 so, yeah, this is kind of a big deal.<\/p>\n The data breach allowed hackers to steal phone numbers, text data and phone records from these people which, once again, comprises nearly the entire customer base, myself included. AT&T says it will begin notifying consumers about the breach in the near future, committing to informing the 110 impacted million customers. The breach occurred during a six-month period from May 1, 2022 to October 31, 2022, though it looks like some data kept getting stolen up until January 2, 2023. This latter breach impacts a smaller, though unspecified, number of consumers.<\/p>\n Now, before you start worrying about that embarrassing text you sent an ex back in 2022, AT&T says the breach \u201cdoes not contain the content of calls or texts.\u201d However, it does include the phone numbers that an account interacted with, as well as a complete count of a customer\u2019s calls, texts and call durations, otherwise known as metadata. The time and date of the calls or texts were not included in the hack, according to AT&T.<\/p>\n However, the breach did include cell site identification numbers, which could \u201cpotentially allow for the triangulation of users’ locations,\u201d wrote Javvad Malik, a representative from cybersecurity awareness firm <\/a>, in a statement to Engadget. Malik also painted a grim picture of what could be done with the stolen metadata, writing that it \u201ccan paint a detailed picture of an individual’s daily life, habits, and associations, making it a valuable asset for those with malicious intent.\u201d<\/p>\n AT&T has <\/a> with information for customers about the breach and has disclosed the hack <\/a> issued before the market opened on Friday, July 12. The company says it learned of the issue on April 19 and that it has nothing to do with a <\/a>, in which customer data was published on the dark web.<\/p>\n So how did this happen? AT&T places the blame on its cloud data partner Snowflake, saying that the compromise occurred after hacks targeted its business customers. Snowflake allows corporate customers to store large amounts of customer data in the cloud for the purpose of analysis. AT&T hasn\u2019t stated any reason as to why it would want to analyze massive amounts of customer data or why it would store this data with Snowflake. A company representative declined to provide further information to TechCrunch<\/em>.<\/p>\n One thing is certain. AT&T isn\u2019t the only company recently burned by a Snowflake hack. Other impacted companies include Ticketmaster and QuoteWizard, among more than 160 others. Snowflake, for its part, has shifted the blame back to AT&T and the others, saying that each organization didn\u2019t use multi-factor authentication to secure their accounts. So, all 160+ companies forgot to turn on multi-factor authentication? You\u2019d think something like that would be mandatory when dealing with massive amounts of customer data but, well, I guess not.<\/p>\n The breach has been tracked back to an uncategorized cybercriminal group known only as UNC5537, according to <\/a>. That company suggests financial motivations behind the hack.<\/p>\n Despite the breach, AT&T says that the stolen data isn\u2019t publicly available at this time. It\u2019s currently working with law enforcement and says that \u201cat least one person has been apprehended.\u201d<\/p>\n This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.<\/p>\n<\/div>\n