BrianKrebsJul 12, 2024

ICYMI, AT&T has acknowledged that cyber thieves stole basically the phone bills for all of their customers. The data includes information you would see on a phone bill, including the source and destination of calls on your AT&T mobile device(s), and the same for SMS messages.

AT&T said it delayed disclosing the breach "on national security and public safety concerns." And we're learning now that the FBI has confirmed this.

AT&T's SEC filing says some cellular site tower information is also among the data accessed by the intruders, which could be used to determine the approximate location of where a call was made or text message sent.

This raises an important question: Was the AT&T customer data stolen from a law enforcement portal set up by AT&T? Sure seems like it.

https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/

AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch

The stolen data includes 110 million AT&T customer phone numbers, calling and text records, and some location-related data.

TechCrunch
Show threadBrianKrebsJul 12, 2024
There are so many fscked up issues here. For starters, AT&T says this data was stolen as a result of the Snowflake debacle, which involved huge buckets of corporate/customer data that were hosted on Snowflake but only secured with a username and password (no 2fa). It boggles the mind that anyone could consider mobile call records and associated location data as somehow undeserving of multi-factor authentication.
Show threadBrianKrebsJul 12, 2024
AT&T said the 110M customer records were not taken from a law enforcement portal, neither in whole or in part.
Show threadDrew Mochak
@briankrebs Whether or not it was exfiltrated from the portal itself seems like a separate question (AKA a dodge) from whether or not the data would have been retrievable were it not for law enforcement’s retention requirements.
Jul 12, 2024 at 6:17pmWeb