US mobile operator AT&T reported Friday that hackers had stolen call and message data from virtually all of its customers for six months in 2022 -- around 90 million people.
The company said in a statement that "AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform" and that it had opened an investigation.
It added that the access point used by the hackers "has been secured" and that "based on information available to us...at least one person has been apprehended."
The data mainly comprised records of phone calls and text messages made between May 2022 and October 2022.
These are the phone numbers used by AT&T mobile subscribers, and also, in some cases, location data that could help malicious actors determine where calls were made and text messages sent.
But according to AT&T, the data downloaded by the hackers did not include the content of calls and messages, nor personal information such as names or social security numbers.
"At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved," the company added.
Although Snowflake is not mentioned in the statement, eyes have turned to this cloud platform, which sells data analytics services to large corporations and has recently suffered a wave of data thefts.
A source close to the case confirmed to AFP that the hackers had gained access to the AT&T records via Snowflake.
AT&T already suffered a major cyberattack in March, when the personal data of over 70 million current and former customers was leaked on the dark web.
This is a "second blow to the millions of customers who have already lost trust after having their private information exposed by the company earlier this year," said Darren Guccione, CEO and co-founder at Keeper Security.
Although this time the information is "less sensitive than that disclosed in the previous breach," Guccione recommended that those affected take steps to protect their identity, such as changing their AT&T account password and implementing multifactor authentication.
He further advised customers to monitor their bank accounts, sign up for a dark web monitoring services or freeze their credit "to prevent the approval of new loans or lines of credit" in their name.
The Department of Justice said that it was investigating the incident.