Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security AT&T Privacy

AT&T Says Criminals Stole Phone Records of 'Nearly All' Customers in New Data Breach (techcrunch.com) 82

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of "nearly all" of its customers. TechCrunch: In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages -- such as who contacted who by phone or text -- during a six-month period between May 1, 2022 and October 31, 2022. AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T's network, the company said. [...] In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.

This discussion has been archived. No new comments can be posted.

AT&T Says Criminals Stole Phone Records of 'Nearly All' Customers in New Data Breach

Comments Filter:
  • by echo123 ( 1266692 ) on Friday July 12, 2024 @06:48AM (#64620641)

    Does "ALL customers" include the NSA? [theintercept.com]

    • by Baron_Yam ( 643147 ) on Friday July 12, 2024 @06:58AM (#64620655)

      I was going to say... there's already a backdoor so massive in AT&T that it should probably be called NS&A.

      • I was going to say... there's already a backdoor so massive in AT&T that it should probably be called NS&A.

        There's good reason the Death Star [wikipedia.org] was modeled upon the ATT logo. [wikipedia.org]

        • by ShanghaiBill ( 739463 ) on Friday July 12, 2024 @07:55AM (#64620785)

          There's good reason the Death Star [wikipedia.org] was modeled upon the ATT logo. [wikipedia.org]

          Except that AT&T didn't use that logo when Star Wars was made, and the company now known as AT&T didn't exist either.

          • That one of the downsides to the internet was when you had fun little stories that were probably not true you could very quickly prove that they weren't true. So that it took a bunch of the fun and mystery out of the world.

            I remember thinking at the time that the upshot to that was there would be a lot less misinformation overall especially around important things.

            These days it seems like we got the worst of both worlds. Funny little stories like the death Star being modeled after AT&t's logo get
            • The difference is that masks have become a tribal issue.

              People don't care about facts when they are signaling tribal allegiance.

              • Don't take the bait.

                Notice how he didn't actually mention covid?

                • Don't need to. Masks work on all respiratory illnesses. There are entire strains of the flu that are just gone now because a little bit of mask wearing.
            • Bait post. This is an AT&T article, and you're trying to get people to argue with you over masking.

              • No bait. It's just the most obviously wrong opinion of the far right-wing extremists. It's the one where they gave up on science and reality to protect their orange tyrant. If that upsets you you should probably stop worshiping a fat orange tyrant. What you've tied so much of your identity to him at this point that's going to be tough. Good luck
          • by mspohr ( 589790 )

            So... ATT was inspired by the Death Star and modeled its logo after it?

            • So... ATT was inspired by the Death Star and modeled its logo after it?

              Yes. Yes, that's what I meant all along.

          • I held a successful, well attended, and fun poker game for a decade.

            Our rule: No internet in an argument. If you thought somebody was bullshitting or wrong, you had to counter the old fashioned way. Assertion and bluster. You were not permitted to race off to the internet to prove or disprove anything.

            I saw front line guys from work look across he table at a VP-level of the company 4 tiers above him and say, "You're a fucking liar! And here's why!"

            That was awesome.

            And if you're wondering about career ramifi

        • by Merk42 ( 1906718 )
          It's the other way around. The Death Star appeared in 1977, the globular AT&T logo wasn't until 1983.
      • by nehumanuscrede ( 624750 ) on Friday July 12, 2024 @10:47AM (#64621215)

        It's not a backdoor, it's a front door.

        This isn't the NSA being sneaky about it or anything. With the blessings of AT&T, NSA hardware sits in selected AT&T Central Offices behind locked doors that no AT&T tech is allowed to access.

        See the link if you haven't been keeping up: https://en.wikipedia.org/wiki/... [wikipedia.org]

        • With the blessings of AT&T, NSA hardware sits in selected AT&T Central Offices behind locked doors that no AT&T tech is allowed to access.

          I sincerely wonder if the results have been worth the abridgement of our Freedoms? I haven't heard of anything useful to the public as a whole ever coming out of the wholesale wiretapping of the general populace.

    • But for I dunno the past decade I've been hording data dumps and have at times indexed portions of it and made estimates what it would take to index all of it.

      The past few years have been brutal and the amount of public dumps have been getting pretty big but before Covid it would have only taken about 10k on craigslist and there was enough data to be some sort of tiny NSA. I kept this information close to the chest because who the fuck wants that kind of power in the hands of literally every tom dick and

  • by gweihir ( 88907 ) on Friday July 12, 2024 @07:04AM (#64620667)

    That sucks! Otherwise they could just simply have continued their obviously extremely shoddy and chap practices...

    • Yeah, I was thinking that they got to be just saying this to cover all the data they already gave a way for free and any data they sell off as a regular course of business. So, all good now right? All stolen by criminals, got it. Asking if the door was locked at all would be met with blank stares, I'm guessing.

  • There is only so much mental bandwidth that the leadership can provide. Anything a company does that is not aligned with their core product runs the risk of diluting their ability execute successfully.

    I think the recent spate of serious failings by companies is due to attention being spent on tax avoidance planning, contributing to political campaigns, and virtue signaling efforts.

    Mistakes happen, but I think what we are seeing is fundamentally broken corporate culture. Putting out a solid product has eff

    • by DarkOx ( 621550 )

      I think you are really on to something here. There was a time when the 'blue chip' industrials spent their time on production and delivery like you say. To the extent they got into politics it was push to push an issue, not a party, not philosophy. Which isn't to say that a particular issue did not on occasion become a pet issue of a particular candidate, and lead them to act for or against their behalf; but getting into politics wasnt the goal it was a means to and end.

      Standard Oil for example was not

      • You can trace this to public policy, it's true. Laissez-faire oversight, lack of public liability, laser focus on Wall Street, in ability to establish digital borders, all these permit the compromise of fundamental responsibility to customers, the public, all with no repercussion.

        Instead of focusing on the obvious problems confronting them, Congress themselves are focused on all-important campaign financing, bickering, blockage, and finger pointing instead of protecting the citizenry.

        And they feel no shame.

      • by Bongo ( 13261 )

        they say that when you mix science and politics you get politics.

        Maybe it's the same for business.

        But I've also heard of another factor, which is globalisation, which has a component of the possibility of THE world government, and whilst that wasn't really going anywhere on its own, because the nation state is foundational for the modern era, they gradually started getting corporations more involved, because think of the advantage which corporations could gain by manipulating world and global rules, versus

      • by JBMcB ( 73720 ) on Friday July 12, 2024 @08:32AM (#64620883)

        There was a time when the 'blue chip' industrials spent their time on production and delivery like you say. To the extent they got into politics it was push to push an issue, not a party, not philosophy.

        In the mid 1990s Microsoft had a grand total of two lobbyists. After a massive lawsuit over bunding Internet Explorer with Windows, they have an entire lobbying office in DC, along with donating to various PACs.

        The cynical would say they weren't seen as spending enough on lobbying, so the government nudged them a bit.

      • For some reason though in 2024, its just so important for an Automaker, or a retailer, etc to show their support for pride month, and e-mail provider feels they owe us a position paper on Ukraine or Gaza, and worse think its a good idea to commit the corporate entity to such a position... I am with you its clearly take their eyes off the prize, and its not only self destructive, its destabilizing to society at large; creating all sorts of strange boycott movements, de-banking nonsense, leading anti-trust violations like WFA/GARM that mess with public discourse.. Not good. Business should STFU and stick to business.

        One of the best examples was the Gillette be the best man you can be effort, which was a horrible bit of misandry, promoting that even talking to a woman was misogyny.

        Seriously, a company thought that laying hateful shade on their primary customers was a smart sales tactic?

        Or Disney, which has managed to lose an awful lot of money by producing so called "woke" movies and TV, clumsy and unentertaining swill, chock full of misandry and other far left touchstones, with storytelling that was worse than t

        • by DarkOx ( 621550 )

          Well I'll give at least Disney a little credit, and possibly Gillette.

          Gillette at least ran an ad that had a razor blade in it. Advertising has always needed a hook where otherwise commodity products are concerned. They reached for the wrong place there, veering into social commentary rather then continuing to try to get us to associate their products with things like super-sonic aircraft..

          Disney may be someone forgiven as well. They are media company part of that is the whole art/life life/art thing and f

          • Their 'sin' is not seeing that New Star Wars is a 'New Coke' and doing the about face they ought to.

            It's also just the fact that big companies are slow to move and we have to look at the decisions at the time they were made, not from 2024.

            When Disney buys Lucasfilm for like $4B they need an ROI on that so they took the "give the people what they want" which at the time was "everyone hates the prequels for their boring politics and George Lucas weirdness" so to most people at the time what it felt like the public wanted from SW was "more SW, more XWings, more lightsabers, more nostalgia" so we get The Forc

            • Their 'sin' is not seeing that New Star Wars is a 'New Coke' and doing the about face they ought to.

              It's also just the fact that big companies are slow to move and we have to look at the decisions at the time they were made, not from 2024.

              When Disney buys Lucasfilm for like $4B they need an ROI on that so they took the "give the people what they want" which at the time was "everyone hates the prequels for their boring politics and George Lucas weirdness" so to most people at the time what it felt like the public wanted from SW was "more SW, more XWings, more lightsabers, more nostalgia" so we get The Forc

              • they are hemorrhaging money

                Um, Disney as a company has earned a profit in each of the last 3 years and into 2024 (https://www.macrotrends.net/stocks/charts/DIS/disney/gross-profit). So I can't take anything else you said seriously because you don't seem to have any idea what you are talking about.

                • they are hemorrhaging money

                  Um, Disney as a company has earned a profit in each of the last 3 years and into 2024 (https://www.macrotrends.net/stocks/charts/DIS/disney/gross-profit). So I can't take anything else you said seriously because you don't seem to have any idea what you are talking about.

                  You really need tyo expose the lies we have been told. Here - https://www.forbes.com/sites/c... [forbes.com]

                  Or this - https://www.forbes.com/sites/c... [forbes.com]

                  Oh citizen with the real truth - You must go to the people and inform them that Disney is rolling in cash - a truly profitable busionoess, and that those pages are fake news, They don't believe me any more since you ruined my reputation - quite legitimately, and no doubt.

                  Or if those people aren't lying as you say I am - show us where they came up with the more

              • I think the common thread between all those successes (Joker, Barbie, Oppenheimer, etc) is just down to creative vision. All 3 of those films, like or not, they are in fact an authentic creative work by people trying to make one and filmmaking is putting an idea through a process. A writer and director made a creative work and the studio plays its part to get it made but authentic nonetheless. Same reason people will always see movies made by Nolan or Tarantino or Robert Eggers, people know they're gonna

                • I think the common thread between all those successes (Joker, Barbie, Oppenheimer, etc) is just down to creative vision. All 3 of those films, like or not, they are in fact an authentic creative work by people trying to make one and filmmaking is putting an idea through a process. A writer and director made a creative work and the studio plays its part to get it made but authentic nonetheless. Same reason people will always see movies made by Nolan or Tarantino or Robert Eggers, people know they're gonna see something that, even if they don't like it it'll be interesting.

                  Yes. The writer director creative vision process takes us into the mind of both, and yes, it can make really interesting movies.

                  Audiences can sniff out when there was too much studio work, too much interference.

                  I've been led to understand that the present day Disney process is to take multiple versions of most scenes, and then piece them together based on screening. As well as a lot of reshoots. And the results seem to indicate that.

                  Same reason people have begun to grow weary of Marvel, the phase 1 and 2 had some real creative talent who were able to set the groundwork (John Favreau, Joe Dante, Kenneth Branaugh) that then turned that into a cinema machine, pumping them out like a factory.

                  Yes, they beat that series to a pulp.

                  I think Filoni "gets" SW but the question is if Disney let's him actually do anything interesting with it.

                  If they wish to continue Star Wars, the first thing is to pay some good writers. then they need to Step away from the s

            • Three films later? Fan backlash hit immediately with episode 8. That's at most two films later, and only if you count Rogue One.

              • I am counting Rogue 1 which was generally viewed pretty favorably. TLJ to me really felt like big break for Disney SW and then 1-2 punch of RoS and Solo (which I thought was better than most gave it credit for) really put them on the backfoot. Maybe with Filoni more in charge they can get the ship righted.

    • Tax avoidance planning, contributing to political campaigns, and virtue signaling efforts.

      These are the goals of any Master of Business. If you want a thing or service, seek masters of craft of the product you want. Or mediocre, your choice.
      MBAs don't make but money and clear the path for it. Our culture thinks this is great, because wealth.
      This is by design.

  • by Somervillain ( 4719341 ) on Friday July 12, 2024 @07:41AM (#64620731)
    New ransome scheme: Hey buddy...got a report on your phone records. How about you send me ? dollars worth of bitcoin and I won't send the phone usage report to everyone you've called or texted? While the majority of us have nothing to hide, I'd say a small percentage don't want their wives knowing how frequently they call or text a number or 2 on the report, especially after 8pm.

    My former neighbor got caught this way. He had a thing for prostitutes, according to his ex-wife. The phone was in his name, but she went to the local Verizon store and asked to get the bills printed...then had details of all the people he was texting. Although in fairness, she first figured out because the dumbass was doing shitty things over SMS and lent his 3yo daughter his iPad as an electronic babysitter...and the sexts started flowing in while the wife was helping the daughter watch cocomelon.

    So?...not sure much was lost, but that data is more useful than most would think originally...at least for POS criminals.
    • The real crime was parents letting their kid watch cocomelon.

    • PSA: Never call or text a mistress

      Always use a burner phone. Get one from the other market segment so you have one iPhone and one Android.

      When your wife asks about the other phone say you're moonlighting creating a phone app and that it is for both iPhone and Android. When she asks how the app is going just say that app development stuff is a lot harder than you thought and it'll take a lot more time.

  • by Fortnite_Beast ( 10429778 ) on Friday July 12, 2024 @07:45AM (#64620749)
    Why would AT&T need to use a cloud provider to store this data? It seems like they are a large enough company to handle the data on their own.
    • Comment removed based on user account deletion
      • by ksw_92 ( 5249207 )

        Verizon hasn't allowed their copper outside plant to literally rot in place.

        No, they just sold most of it to Frontier, which IS letting the copper rot. To be fair, so much of the copper telco infrastructure is so old that it's cheaper to run new fiber to the premise instead of reconditioning copper loops. UTP copper is pretty much dead, with voice being replaced by wireless in low-density applications and fiber for higher-density applications.

        The guys that look good right now are the cablecos. With FTTN, amp and tap upgrades on the coax side to support things like DOCSIS 3.1, they

  • Special Snowflake (Score:5, Insightful)

    by Retired Chemist ( 5039029 ) on Friday July 12, 2024 @07:47AM (#64620759)
    This is what happens when you send your data to a cloud service that is then hacked. As soon as you send your information to a third party, you lose control it. It does not matter how good your security systems are, if your data is being protected (or not protected in this case) by someone elses.
    • Re:Special Snowflake (Score:5, Interesting)

      by Spinlock_1977 ( 777598 ) <Spinlock_1977&yahoo,com> on Friday July 12, 2024 @08:39AM (#64620901) Journal

      Encryption at rest would likely help. We're implementing it where I work, and it makes the data files useless to anyone who doesn't have the key(s). And keys are protected behind a different set of security barriers. I'm suprised AT&T hasn't made some noise about implementing it. I guess they don't care about security quite as much as their marketing droids proclaim.

      • by Bert64 ( 520050 )

        Data is very rarely stolen at rest, aside from the occasional hard drive that makes its ways onto ebay without being wiped.

        Systems tend to be hacked while they are online, so even if the data is technically encrypted on disk the keys are loaded so that the system can access the data in order to do its job.

      • Encryption at rest would likely help.

        No sir. Encryption at rest only help when stealing a "dead" version of the data. It is explicitly unencrypted to a "live" server. To be more clear, the data on the disk absolutely is encrypted; however, in order for the computer to use it, it must have the decryption routine running to actually allow the computer to process the data. If you speak to a server that has data encrypted on its hard drive, the computer decrypts and then gives it to you as requested.

    • This is what happens when you send your data to a cloud service that is then hacked. As soon as you send your information to a third party, you lose control it. It does not matter how good your security systems are, if your data is being protected (or not protected in this case) by someone elses.

      Funny how something people need to hear loud and often is modded redundant when it should be at +5 informative.

    • Back in my day large companies were perfectly capable of failing to protect personal data in-house.

    • Heh.

      Wait till I tell you that many Sys and Network admins for AT&T are sitting in overseas call centers making pennies on the dollar per day.
      The directory we utilize can look up anyone in the company. A search for offshore employees just within one specific Country famous for
      being the go-to area because they're cheaper returns more hits than the online portal can even handle.

      IMO, horrible compensation + access to useful / valuable data = a security nightmare waiting to happen.

      If someone offered you $10

  • by smooth wombat ( 796938 ) on Friday July 12, 2024 @07:49AM (#64620763) Journal

    "We value your privacy and take security very seriously."

    • by genixia ( 220387 )

      So seriously that when they irrevocably lose control over my private contact list, they'll offer me a year's free credit monitoring for it.

      That seems to be the accepted norm nowadays for fucking up and exposing private data to criminals. Lose your financial information? Free year! Lose your contact list? Free year! Lose your medical data? Free year!

      Congress needed to grow some balls to hold CEO's accountable about 15 years ago. It's too late now, the horse is out of the barn.

  • by Anonymous Coward

    We appreciate your fine work ~NSA

  • What about people who roam on AT&T? Like Canadians?
  • by grasshoppa ( 657393 ) on Friday July 12, 2024 @09:25AM (#64621013) Homepage

    We're talking a ridiculous amount of data. Is their security infrastructure so weak that they missed this somehow?

    That level of incompetence rises to actionable. So who are the real criminals?

    Every day I'm thankful swore off doing business with AT&T over a decade ago.

    • So, one thing I should mention here is the fact that AT&T is no longer hiring full time employees because they have discovered contractors are far, FAR cheaper.
      They simply swap them out every two years when the laws mandate their dismissal. ( Contractors are typically short term NTE two years )

      Even though they are typically paid more than a full time employee:

      They can be dismissed on a whim.
      No benefits, vacation, sick time, retirement or pesky Union rules to deal with.
      I should also mention that trainin

  • by ZipNada ( 10152669 ) on Friday July 12, 2024 @09:44AM (#64621049)

    "Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use. "

    Was MFA was made available by Snowflake and AT&T didn't use it? If so, inexcusably dumb.

    • by Zemplar ( 764598 )

      "Snowflake blamed the data thefts on its customers for not using multi-factor authentication to secure their Snowflake accounts, a security feature that the cloud data giant did not enforce or require its customers to use. "

      Was MFA was made available by Snowflake and AT&T didn't use it? If so, inexcusably dumb.

      Exactly that. MFA has been available in Snowflake for some time.

  • That a fork of glibc in the wild actually exists that was specifically developed to mount netBEUI....

  • They failed to inform their customers when the hack happened and how long they waited to report to the authorities. I vaguely remember Congress pass some legislation requiring a time window to report such incident.
  • After the February outage I got $5 for the inconvenience.

  • So it took them almost 2 years to find the breach it or 2 years before they told anyone?
  • At this point I'm not sure who to believe. This data would be extremely useful to 3 letter agencies, more so than to a hacker looking to hawk it for pennies on the megabyte on the dark web. Was it a hacker? Was it a 3 letter agency? Was it AT&T taking it on the chin while cooperating with a 3 letter agency? I hate sound like a conspiracy nut, but come on, do companies NEVER LEARN how to secure their data?

  • Now they have the data for all those spam texts and calls I get.
  • Rob Braxman has a solution to improve your privacy:
    https://youtu.be/6mBTMxYcURs?s... [youtu.be]

  • Some law firm filing a class action is going to own AT&T after this.

  • There are too many data breaches, where the company just shrugs, and ssys "oops". There comes a time when the government needs to charge them with malfeasance, or whatever other crime comes from deliberate carelessness.

The goal of Computer Science is to build something that will last at least until we've finished building it.

Working...