Millions Of AT&T Customer Call, Text Message Records Leaked

from the here-we-go-again dept

Hey, remember when the FCC tried to implement some really basic consumer privacy protections for wireless and broadband but AT&T convinced GOP Senators to kill those efforts before they could even take effect? Good times.

Anyway, AT&T has revealed that the detailed call and text message data of millions of customers were “illegally downloaded” from a third-party cloud platform. According to the telecom giant, the data includes the phone numbers of “nearly all” AT&T customers, as well as a record of every number AT&T customers called or texted, when the communications happened, and how long the exchanges were.

Unlike a different recent leak of data from roughly 73 million AT&T customers to the open web (which the company tried to pretend somehow hadn’t happened), AT&T’s being far more up front about this breach, providing an entire website explaining the scope of the problem:

“At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended.”

On the plus side, the leak doesn’t seem to include the actual contents of the text messages and calls in question — that we know of. But the breach did reveal cell site identification numbers linked to the calls and texts, meaning physical user location data may have also been compromised.

It sounds like AT&T only discovered this latest attack after it began investigating its previous one, indicating that it might never have known it happened if Troy Hunt, security researcher and owner of data breach notification site Have I Been Pwned, hadn’t revealed the first one.

It’s worth noting at this point that AT&T has been a relentless champion of dismantling any and all efforts to impose privacy oversight of telecom. You might recall that in 2017 the FCC finally imposed some basic privacy safeguards for wireless and broadband networks, which AT&T successfully lobbied GOP Congressmen to kill via the Congressional Review Act before they could even take effect.

That AT&T works in almost perfect synchronicity with the GOP to ensure that U.S. consumer protection (on privacy and everything else) is as broken and feckless as possible isn’t context most mainstream news outlets think is worth mentioning.

Companies: at&t


Comments on “Millions Of AT&T Customer Call, Text Message Records Leaked”

16 Comments
31Bob (profile) says:

Re:

That was ChangeHealthcare/Optum/United Healthcare, in Feb/2024. They fucked most of the medical billing world, then they decided to pay $22 million in ransom and it worked out exactly like everyone, except the dumbfucks in the C-suite at this shithole, knew it would.

But, they were trying to avoid consequences and what’s everyone’s unprotected PHI when there are profits to “earn”?!?!?!?!

These clowns were breached because of their own abysmal IT approach of “Fuck it, we’ll deal with that shit if it comes up”. Backups were not isolated, because REASONS!

MightyMetricBatman says:

Corporations know that customer data has value.

Courts have never valued customer data due to damage to private not being in common law or traditional equitable remedies. That leaves damage entirely by statute.

That’s why companies fight so hard for no privacy laws. No privacy laws, no damages, and being an oligopoly damage to reputation doesn’t matter.

The only way it can damage these companies is statutes that outlaw such malfeasance.

Anonymous Coward says:

Over the course of the last two breach discoveries, I’ve only heard the effect on customers of MVNOs that use AT&T’s network mentioned once – but in an unclear manner – on TV news (network or local, I don’t recall, it’s not my TV).

Is this facet of the issue not important to AT&T, the MVNOs, or journalists investigating the issue? One literally has to go searching to get the info from small/niche sites. (Yes, MVNO customers are affected in the current breach.)

Further, AT&T (as well as most outlets) refuses to mention the “third-party platform” (it’s Snowflake) which has failed to keep secure the data of several other companies as well.

Anonymous Coward says:

The data will be available on the darknet soon -- if not already

It’s worth far more than the payoff AT&T handed off. FAR more.

That’s because it’ll enable traffic analysis: who talked/texted to who when and where. Intel experts (and anyone who’s studied their methods) know how to use this to build detailed dossiers on everyone involved and use those to extrapolate patterns of movement and behavior. This in turn enables all kinds of nastiness: stalking, blackmail, etc.

The pricetag for this data is likely 8 figures (USD), and the people who have it know that. The most likely use of the money from AT&T is to pay the operating costs necessary to get the big payoff — actually payoffs, plural, because of course this data can be sold multiple times.

There’s a downside, though: there are intel agencies on this planet who would love to have this data and some of them may be willing to kill for it. So while making a deal with the FSB for $15M might seem like a good move, it does come with the risk of falling out of a fourth-floor window. (No loose ends, you see.)

That One Guy (profile) says:

'Who cares about my sponsor, we're talking about the danger of social media!'

How to tell that Congress doesn’t actually care about privacy (for anyone but themselves): The same people that were/are hysterically hyperventilating about how dangerous social media and especially TikTok are will utter nary a peep about this and similar events, and will vehemently object should anyone even suggest that rules against data retention be considered to reduce the damage hacks like this can cause.

Anonymous Coward says:

Re:

Not to mention that these people in government are, often, also the same people who demand workarounds to encryption – and swear that they and law enforcement should be trusted with that power, because obviously they’d be fully capable of making sure that power never ends up in the wrong hands.

Of course, don’t expect the same sort of reaction when it comes to their data. “If you have nothing to fear, you have nothing to hide” is for the proletariat.
