AT&T leaked your wireless data. Here’s what to watch out for

Data leaks and breaches have become relentless—and huge. This week sees yet another one hit the news, with AT&T revealing that call and text message data logs for almost all wireless customers were stolen.

Disclosed via a securities filing on Friday, the data spans a six-month period between May 1 and October 31, 2022. Logs that showed phone numbers texted or called by AT&T wireless subscribers were downloaded, as well as call length and frequency of interaction with contacts. Currently, AT&T says that neither communication content nor exact times of contact are not part of the breach. Stolen call data is also limited to U.S. and Canadian numbers.

The hack affects nearly all of AT&T’s subscriber base during that time, around 110 million users based on active devices on the network, and including users with affiliated virtual operators (MNVOs) like Cricket and h2o Wireless. Records from January 2, 2023 were also accessed for a small slice of users, as was specific cell phone tower usage. The latter can allow bad actors to extrapolate the location for individual phone numbers. 

AT&T says Snowflake, a third-party cloud storage service recently at the center of the Ticketmaster data breach in May, was the source of the data breach. Snowflake has since said its platform shows no unauthorized access.

You can read more about the breach in CNN’s rundown, including details about the delay in disclosure—initially aware of the breach by late April, AT&T held its filing until the FBI conducted an analysis of the stolen data for potential risks to national security. AT&T also says it does not believe the data has been released publicly yet, unlike the company’s huge leak of landline customer data, which included social security numbers.

You can get a heads-up on your info hitting the dark web through services like Google, which recently announced it would offer this feature for free.

PCWorld

In the meanwhile, while we wait to see if the data does eventually leak, you can take preventative steps to protect yourself and your online presence:

Screen carefully for scam attempts. With dark web records available to correlate your phone number with your name, address, date of birth, email address, location, and more, you can’t assume that if someone uses specific information about you when getting in touch, that they’re legitimate and trustworthy. Take an extra moment to consider whatever communication you just received. If it’s urgent, you still have time to look up the official number for the organization that called you. Or, if it’s someone you know, call them back directly. Use verified and legitimate methods of contact as you follow-up on the messages. You can also ask for a gut check from a level-headed friend or family member.

Watch for signs of identity theft. The more details someone has about you, the easier it is for them to impersonate you when trying to open banking and credit cards (among other grifts) in your name. Keep an eye out for mail about new accounts, already filed taxes, and other indicators that someone’s impersonating you.

Use passkeys and unique passwords to secure your online accounts. Passkeys are a simple and more secure method to protect an online account, but if a website or service doesn’t support them, upgrade your password to a unique, random, and strong version instead. Don’t reuse existing passwords or weak ones—with so many leaked passwords available, it’s easy work for a hacker to break past them. (That’s especially so if you’ve been using personal information as part of your passwords, due to all these dang data breaches and leaks.) You can keep track of both passkeys and passwords with a password manager.

Enable two-factor authentication on accounts whenever possible. Two-factor authentication adds another layer of protection to your online accounts. Even if someone guesses your password, they’ll still need to get past this second checkpoint before gaining access.

As additional measures, it’s wise to lock down your social media accounts—by not publicly sharing your whereabouts and habits from snoops, it gives them less material to use when trying to enact scams. You can also preemptively switch to encrypted forms of communication, if you’re concerned about the contents of your chats getting revealed. 

So far, data breaches haven’t yet spilled the beans on the full intimate details of our personal lives—but at the rate that these keep piling up (and their scope), it seems like a matter of time before the messy details of our lives become revealed without permission.

Security Software and Services

Data leaks and breaches have become relentless—and huge. This week sees yet another one hit the news, with AT&T revealing that call and text message data logs for almost all wireless customers were stolen.

Disclosed via a securities filing on Friday, the data spans a six-month period between May 1 and October 31, 2022. Logs that showed phone numbers texted or called by AT&T wireless subscribers were downloaded, as well as call length and frequency of interaction with contacts. Currently, AT&T says that neither communication content nor exact times of contact are not part of the breach. Stolen call data is also limited to U.S. and Canadian numbers.

The hack affects nearly all of AT&T’s subscriber base during that time, around 110 million users based on active devices on the network, and including users with affiliated virtual operators (MNVOs) like Cricket and h2o Wireless. Records from January 2, 2023 were also accessed for a small slice of users, as was specific cell phone tower usage. The latter can allow bad actors to extrapolate the location for individual phone numbers. 

AT&T says Snowflake, a third-party cloud storage service recently at the center of the Ticketmaster data breach in May, was the source of the data breach. Snowflake has since said its platform shows no unauthorized access.

You can read more about the breach in CNN’s rundown, including details about the delay in disclosure—initially aware of the breach by late April, AT&T held its filing until the FBI conducted an analysis of the stolen data for potential risks to national security. AT&T also says it does not believe the data has been released publicly yet, unlike the company’s huge leak of landline customer data, which included social security numbers.

You can get a heads-up on your info hitting the dark web through services like Google, which recently announced it would offer this feature for free.

You can get a heads-up on your info hitting the dark web through services like Google, which recently announced it would offer this feature for free.PCWorld

You can get a heads-up on your info hitting the dark web through services like Google, which recently announced it would offer this feature for free.PCWorld

PCWorld

In the meanwhile, while we wait to see if the data does eventually leak, you can take preventative steps to protect yourself and your online presence:

Screen carefully for scam attempts. With dark web records available to correlate your phone number with your name, address, date of birth, email address, location, and more, you can’t assume that if someone uses specific information about you when getting in touch, that they’re legitimate and trustworthy. Take an extra moment to consider whatever communication you just received. If it’s urgent, you still have time to look up the official number for the organization that called you. Or, if it’s someone you know, call them back directly. Use verified and legitimate methods of contact as you follow-up on the messages. You can also ask for a gut check from a level-headed friend or family member.

Watch for signs of identity theft. The more details someone has about you, the easier it is for them to impersonate you when trying to open banking and credit cards (among other grifts) in your name. Keep an eye out for mail about new accounts, already filed taxes, and other indicators that someone’s impersonating you.

Use passkeys and unique passwords to secure your online accounts. Passkeys are a simple and more secure method to protect an online account, but if a website or service doesn’t support them, upgrade your password to a unique, random, and strong version instead. Don’t reuse existing passwords or weak ones—with so many leaked passwords available, it’s easy work for a hacker to break past them. (That’s especially so if you’ve been using personal information as part of your passwords, due to all these dang data breaches and leaks.) You can keep track of both passkeys and passwords with a password manager.

Enable two-factor authentication on accounts whenever possible. Two-factor authentication adds another layer of protection to your online accounts. Even if someone guesses your password, they’ll still need to get past this second checkpoint before gaining access.

As additional measures, it’s wise to lock down your social media accounts—by not publicly sharing your whereabouts and habits from snoops, it gives them less material to use when trying to enact scams. You can also preemptively switch to encrypted forms of communication, if you’re concerned about the contents of your chats getting revealed. 

So far, data breaches haven’t yet spilled the beans on the full intimate details of our personal lives—but at the rate that these keep piling up (and their scope), it seems like a matter of time before the messy details of our lives become revealed without permission.

Security Software and Services Read More