AT&T, Ticketmaster and Hunter Strategy Respond to a Snowflake Data Stealth Attack on Verizon and other Data Breases
Verizon, Ticketmaster, Dell and Bank of America are among the other companies that have reported major data breaches this year, affecting millions of people altogether.
The company wrote that it first learned of the incident in April, but the U.S. Justice Department determined in May and again in June that “a delay in providing public disclosure was warranted” until now.
AT&T’s investigation found that an unspecified number of “threat actors” exfiltrated files in April containing the records of phone calls and text messages of “nearly all AT&T cellular customers” between May and October 2022, as well as a smaller number of customers on Jan. 2, 2023.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” it cautions.
Current and former users can check if their information is involved on a webpage the company has set up.
For those worried about potential online fraud, the advice is to not reply to a text that has personal details, and to make sure websites are secure by looking for the’s’ after ‘http’ in the address, as well as not replying to a text from an unknown sender.
It says that customers should forward any suspicions of fraud to AT&T, and report it to the team.
It said in March that it had reset the passcodes of about 7.6 million users after it discovered a dataset on the “dark web” containing Social Security numbers and other personal information of some 70 million current and former account holders.
The incident is significant because of its sheer magnitude and reach, but also because AT&T believes it’s the latest in a line of data thefts that resulted from attackers compromising organizations’ Snowflake cloud accounts. Snowflake is a data warehousing platform, and attackers collected its customers’ account credentials in recent months to steal hundreds of millions of records from about 165 Snowflake clients, including Ticketmaster, Santander bank, and LendingTree’s QuoteWizard.
Jake Williams is the vice president of research and development at Hunter Strategy. The threat actors stole were called data records. Intelligence analysis can be done because they allow someone to understand networks who is talking to whom. And threat actors have data from previous compromises to map phone numbers to identities. Even without data for a phone number, closed networks are always interesting because the numbers communicate only in the same network.