Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers

• A cyberattack targeting AT&T’s Snowflake environment compromised data on nearly all of the telecom provider’s wireless customers, the company said in a Friday filing with the Securities and Exchange Commission. Nearly 110 million customers are impacted, according to AT&T’s annual report for the period of compromised data.
• Data stolen during the intrusion includes records of AT&T customers’ calls and text messages spanning a six-month period ending Oct. 31, 2022, and records from Jan. 2, 2023, the company said in the SEC filing.
• The attack did not expose the content of calls or text messages, customer names or personally identifiable information, according to AT&T. Yet, the stolen records include the phone numbers AT&T wireless customers interacted with, counts of those interactions and aggregate call duration for a day or month.

AT&T is one of at least 100 companies impacted by a wave of attacks targeting Snowflake customer environments. AT&T spokesperson Andrea Huguely told Cybersecurity Dive the customer data was stolen from the carrier’s Snowflake database.

The attacks targeting Snowflake customers were not caused by a vulnerability, misconfiguration or breach of Snowflake’s systems, Mandiant said last month in a threat intelligence report.

Stolen credentials obtained from multiple infostealer malware infections on non-Snowflake owned systems were the point of entry for the attacks, Mandiant said. Impacted customer accounts were not configured with multifactor authentication.

To read the complete article, visit Cybersecurity Dive.