
AT&T Data Breach Exposes Phone Records of Millions, Raises Privacy Concerns

# AT&T Data Breach Exposes Customer Phone Records and Metadata

## Stolen Data and Potential Risks
On Friday, AT&T revealed that cybercriminals had stolen the phone records of “nearly all” its customers, affecting around 110 million people. The stolen data included records of the phone numbers called and texted, the total count of calls and texts, and call durations. It did not include the content, time, or date of the calls or texts. The breach is concerning, but the stolen data is what is typically referred to as metadata: it includes only information about the calls and texts, not their contents.

## Location Tracking and Sensitive Information
In addition to the phone records, the cybercriminals were able to steal cell site identification numbers linked to phone calls and text messages. This information could potentially allow someone to determine the approximate location of a customer when they made a certain call or sent a text, revealing sensitive details about their lives. Rachel Tobac, a social engineering expert, emphasized that this breach could expose personal information like where someone lives, works, and spends their free time, as well as secret communications, affairs, or crime-based conversations. This highlights the severity of the situation for those affected.

## Snowflake Breach and Attribution
AT&T attributed the incident to a recent breach at cloud service provider Snowflake. Mandiant, the cybersecurity firm hired by Snowflake to investigate, identified a financially motivated cybercriminal group known as UNC5537 as responsible for the breach. It’s worth noting that other companies like Ticketmaster, Santander Bank, and LendingTree subsidiary QuoteWizard were also affected by the Snowflake breach. The connection between the Snowflake breach and the AT&T data breach underscores the interconnectedness of cyberattacks and how one breach can have far-reaching consequences.

## Impersonation and Social Engineering Risks
Tobac warned that the stolen metadata makes it easier for cybercriminals to impersonate people whom customers trust, increasing the risk of social engineering or phishing attacks against AT&T customers. With access to information about whom customers are likely to communicate with, for how long, and potentially where they were located during those conversations, hackers can create more convincing and targeted attacks. This highlights the need for improved security measures from telecom companies to protect their customers’ data.

## Privacy Concerns and Call for Action
Experts like Runa Sandvik, founder of Granitt, emphasized the importance of personal privacy and expressed anger towards the telcos for not doing enough to protect customer data. Sandvik highlighted that even seemingly mundane information like who you talk to, when, and how often is personal and should remain private. Sandvik suggested that using encrypted chat apps like Signal and WhatsApp, which have a track record of protecting user data, could be better for security. Sandvik also acknowledged that higher-risk individuals, including survivors of domestic abuse, may need to consider changing their numbers or using different providers to safeguard their identities.

## Business and Intelligence Risks
Jake Williams, a cybersecurity expert and former NSA hacker, pointed out that the AT&T breach poses a greater risk for businesses and intelligence targets. Threat actors can use the stolen data to create patterns of life, providing valuable insights for intelligence analysts. Williams also raised concerns about the potential combination of this data with other breaches, as previous AT&T incidents have mapped customer phone numbers to other identifying information. This could simplify the weaponization of the newly compromised data and pose additional risks.

## Government Surveillance and National Security
The revelation of this data breach brings attention to the controversial practice of obtaining customer metadata for intelligence purposes. Documents leaked by Edward Snowden over a decade ago revealed that the U.S. National Security Agency collected customer metadata from Verizon on a daily basis. The U.S. government has defended this practice as essential for counterterrorism efforts. However, the breach serves as a reminder that telcos are often targeted by foreign services seeking to identify potential intelligence sources and assets. The stolen data can be a gold mine for understanding social connections and developing human sources.

In conclusion, the AT&T data breach exposes the vulnerability of customer phone records and metadata, highlighting the risks of impersonation, social engineering, and privacy invasion. It emphasizes the need for improved security measures from telecom companies and raises concerns about the combination of breached data with other information. The breach also sheds light on the controversial practice of collecting customer metadata for intelligence purposes, revealing the potential for misuse and exploitation.