Google Pixel 9 Pro with $200 Amazon Gift Card!

Customers of AT&T MVNOs such as Boost, Cricket, and Straight Talk also impacted by data breach

By
1comment
Customers of AT&T MVNOs such as Boost, Cricket, and Straight Talk also impacted by data breach
On Friday we told you that AT&T customers were the victims of another data breach after the one in April that impacted 71 million subscribers. This time, the hacking involved customer data stored with third-party cloud platform Snowflake. The latter has not done a good job lately of protecting the data entrusted to it since companies using Snowflake, such as Ticketmaster, Neiman Marcus, Santander, and others, also had their accounts hacked and data stolen.

The data belonging to AT&T stolen from Snowflake includes records of customer calls and texts. The hackers stole the records between April 14 and April 25 of this year and the info stolen included data generated by calls and texts made from May 1 to Oct. 31, 2022, including the phone numbers involved and the duration of the calls. That data plus cell site identification numbers from the day of Jan. 2, 2023, were also taken.

We now know that AT&T ended up paying one of the hackers involved in the data breach a ransom of 5.7 bitcoins valued at over $370,000 to delete the stolen records. The carrier was given a video of the deletion taking place as proof that it was done. A new report points out that the data breach affected not just AT&T customers, but also customers of mobile virtual network operators (MVNOs) who use AT&T's network since they don't have one of their own. These companies include Boost Mobile, Cricket Wireless, H2O, and Straight Talk Wireless.

While AT&T told me Sunday evening that they believe the data swiped from Snowflake is no longer publicly available (which would be due to the more than $370,000 paid to one of the hackers to have the files deleted), experts warned that the data from January 2nd, 2023, which included cell site identification numbers, could have been used to compute customer addresses based on the triangulation of data.

Recommended Stories
"The inclusion of cell site identification numbers in the stolen data is particularly alarming, as it could potentially allow for the triangulation of users' locations. This adds a physical dimension to the already extensive privacy violation and could expose individuals to highly targeted and convincing social engineering attacks, not to mention compromising the physical security of individuals, such as those trying to escape abusive relationships."-Javvad Malik, lead security awareness advocate at KnowBe4

The more basic metadata taken could still have been used for phishing attacks, identity thefts, and other malicious deeds according to Javvad Malik, lead security awareness advocate at KnowBe4. So if you're an AT&T customer or a subscriber to one of the aforementioned MVNOs, you should be hoping that AT&T is correct and that the data taken from Snowflake was deleted and cannot be used to scam subscribers. As usual, use common sense when receiving an email or phone call that asks for your personal data such as social security numbers, passwords, and PINs.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

U.S. government warns Galaxy phone users to install update by this date or stop using their devices
U.S. government warns Galaxy phone users to install update by this date or stop using their devices
This could be a wild month for T-Mobile with happy outcome for customers but not for employees
This could be a wild month for T-Mobile with happy outcome for customers but not for employees
T-Mobile pleads with FCC to let it buy another company, arguing everyone will be better off
T-Mobile pleads with FCC to let it buy another company, arguing everyone will be better off
At $101 off, the charming Pixel Tablet sells like hot cakes on Amazon
At $101 off, the charming Pixel Tablet sells like hot cakes on Amazon
Early adopters show overwhelming preference for two Pixel 9 models
Early adopters show overwhelming preference for two Pixel 9 models
Amazon increases its discount on the Moto G Stylus 5G 2023, bringing the phone to new all-time low price
Amazon increases its discount on the Moto G Stylus 5G 2023, bringing the phone to new all-time low price

Latest News

Google Drive gets new option to save scanned documents as JPEGs
Google Drive gets new option to save scanned documents as JPEGs
The remarkable Razr+ (2023) returns to its best price at the Motorola Store
The remarkable Razr+ (2023) returns to its best price at the Motorola Store
Microsoft to bring Age of Empires to mobile in October
Microsoft to bring Age of Empires to mobile in October
Judge blocks the launch of Venu Sports at Fubo’s request
Judge blocks the launch of Venu Sports at Fubo’s request
Google is warned by a federal judge that he will order that changes be made to the Play Store
Google is warned by a federal judge that he will order that changes be made to the Play Store
Apple could unveil two new AirPods variants alongside the iPhone 16 line next month
Apple could unveil two new AirPods variants alongside the iPhone 16 line next month
FCC OKs Cingular\'s purchase of AT&T Wireless