Hackers stole call and SMS data from almost all AT&T subscribers

The American telecommunications company AT&T has confirmed that its cloud platform has been hacked, as a result of which hackers gained access to the call and SMS data of “almost all” subscribers over several months. The stolen data primarily concerns calls and messages made between May and October 2022 and represents an unprecedented breach for AT&T and the telecommunications industry as a whole.

Image source: TheDigitalArtist / Pixabay

In the US, metadata showing which numbers customers interact with is generally available only to law enforcement agencies and only as part of an established legal process during investigations. In this case, the attackers managed to gain access to this information and steal it. The AT&T statement notes that police have already managed to detain a person believed to be involved in the hack.

«In April, AT&T learned that customer data had been illegally downloaded from our workspace to a third-party cloud platform. We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have also taken action to shut down the illegal access point. The investigation found that the compromised data included files containing AT&T call and text message records from nearly all AT&T cellular customers and mobile virtual network operator (MVNO) customers on the AT&T network, as well as AT&T landline customers who interacted with these cellular operators between May 1, 2022 and October 31, 2022,” AT&T said in a statement.

In addition, some of the data stolen by the hackers relates to calls made by AT&T subscribers since January 2, 2023, but in this case we are talking about a “very small number of customers.” In this case, the stolen metadata did not include timestamps of calls and SMS messages, i.e. hackers cannot see exactly when a subscriber dialed a particular number or sent messages. At the same time, attackers can see to which numbers calls were made and messages were sent. The data does not include the caller’s full name, but it is often possible to link a phone number to a specific person using publicly available online tools. The company also noted that it does not have information about whether the stolen data was published publicly.