Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
River Hart

The AT&T data breach can still trace back to you directly - here's how to stay safe

A mobile phone displays the AT&T logo in front of a blurred economic stock exchange index graph in the background.

AT&T has admitted 'tens of millions' of customers were involved in a huge data breach that rocked the telecom titan back in 2022. Although the breach impacted AT&T cellphone customers, the company has since revealed the exposed data did not contain the contents of personal calls and messages, and shouldn't be accesible to the public.

The customer data was downloaded from an AT&T workspace via a third-party cloud platform - all without authorization, of course. The data was made up of "nearly all" AT&T customers' call and text records from May 1, 2022, to October 31, 2022, making it a textbook target for cybercriminals hoping to turn personally identifiable information into a profit via the dark web.

Unfortunately, the records also list the numbers that the affected AT&T customers called and texted, as well as the number of interactions and their durations.

AT&T breach

In a statement AT&T added records from the January 2, 2023 data breach impacted a small number of customers.

As mentioned, the contents of the leaked calls and texts aren't included in the breached data, and also does not include call or text timestamps, sensitive information like Social Security numbers, or personal details like dates of birth.

On July 16, 2024, additional details surfaced citing that the company paid the hackers (who are responsible for the breach) to erase the records. The incident is now also the center of a class-action lawsuit that seeks compensation for affected users. AT&T itself hasn't commented on the lawsuit. However, Bloomberg uncovered the initial complaint and its list of demands – including that the telecommunications company pay damages to victims of the breach. 

WIRED has also revealed that AT&T paid hackers to erase the stolen data. Reportedly, in May this year, AT&T contacted ShinyHunters, a notorious hacking group, and the perpetrators behind the data theft and breach. AT&T asked ShinyHunters to delete the data and record a video of the process as evidence – and then paid the group $370,000 in Bitcoin for doing so.

Unfortunately, a video cannot confirm beyond a shadow of a doubt that all traces of the leaked AT&T data have been expunged from the web. Copies may still exist, after all, and valuable datasets like these are ShinyHunters' bread and butter.

The group initially pilfered the records via a Snowflake cloud storage account – primarily because it wasn't secured properly and lacked multi-factor authentication. AT&T isn't the only company that has been targeted by ShinyHunters, however, as Ticketmaster and Santander have also seen Snowflake accounts infiltrated.

What's at stake?

Despite the fact that the leaked AT&T records didn't contain details like names, addresses, and other overt personal information, the company itself has admitted that savvy hackers can still link an individual to their cellphone number without it.

Stolen data and personally identifiable information (PII) is a big business for cybercriminals – they can sell it for a massive profit or use it themselves to commit fraud. So, given the value of this information, cybercriminals are willing to take vague details (like those involved in the AT&T breach) and put them under the microscope to learn more about their potential victims, all so they'll reap a bigger reward in the end.

If a hacker has access to someone's call records, they can sift through them to piece together a startlingly clear picture of that person's digital social life. Who are they talking to and for how long? How many texts are they sending?

Next, cybercriminals often take to social media to round out their victims' profiles, checking out family members, friends, work contacts, and more. They'll try to figure out who the major players in that person's life are. 

Why? Well, ultimately, it's so they can impersonate them or use their details as leverage in their next round of scams. I see a lot of stories about scammers pretending to be friends stuck on the way home from a trip, asking for money to buy gas or a ticket home, for example. 

So, given the scope of the breach and the potential for rebound fraud, it's unsurprising that AT&T customers want to take legal action. 

What happens next?

AT&T has reassured customers that the affected access point has been secured – which is good news. 

The company has also teamed up with law enforcement to sniff out the cybercriminals behind the attack. In fact, one individual has already been caught out and "apprehended"

Protecting your data is one of our top priorities. We have confirmed the affected access point has been secured.

AT&T

The company has also stated that it'll be in touch with customers (past and present) to confirm that their data was involved in the leak. So, if you've been an AT&T client at any point since May 2022, you'll want to keep an eye out for an email – just in case.

For anyone who is impacted by the AT&T breach (or for you privacy-oriented folks out there), there are a few things you can do to limit the damage to your overall digital security. 

Firstly, it's well worth changing the password associated with your AT&T account – especially if you use it for other sites and apps. Then, I'd recommend checking out one of the best VPNs available today. A VPN keeps all of your personal data hidden away from prying eyes and nosy third parties, encrypting it as you go about your day-to-day browsing. Plus, our #1 rated VPN, NordVPN, even has handy Threat Protection tools that'll zap pop-up ads and fight off phishing attempts.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.