If you’re an AT&T customer, you should know hackers were able to breach the carrier’s server and steal six months’ worth of personal data for nearly all AT&T wireless subscribers. The data includes call and text message records for six months, but not the actual contents of calls or messages. AT&T landline users also had some records stolen in this major breach.
This isn’t the kind of hack that puts you in danger of being the target of identity theft. The hackers did not obtain your personal details, such as full contact information, names, social security numbers, or bank accounts. But it’s still a massive security breach that can hurt users. Hackers might identify users with the help of their phone numbers, determine their connections to other people, and initiate social engineering attacks.
The hack
AT&T announced the data breach on Friday morning, explaining when the hack occurred and what data the attackers extracted:
Our investigation found that the downloaded data included phone call and text message records of nearly all of AT&T cellular customers from May 1, 2022, to October 31, 2022, as well as on January 2, 2023. These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included. […]
The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.
AT&T also listed the data that wasn’t stolen to reassure subscribers:
The downloaded data doesn’t include the content of any calls or texts. It doesn’t have the time stamps for the calls or texts. It also doesn’t have any details such as Social Security numbers, dates of birth, or other personally identifiable information.
While the data doesn’t include customer names, there are often ways to find a name associated with a phone number using publicly available online tools.
It’s unclear when the hack was first discovered, but AT&T says it started an investigation. The carrier said the breached access point had been secured. Also, it appears the stolen data isn’t available publicly. It’s unclear what hackers might be doing with the stolen info, but it appears that one person involved in the hack has already been apprehended.
What you can do
AT&T says it’ll contact all users who were affected via text, email, or US mail. But since it says almost all subscribers were affected, you should assume your data was exposed.
The carrier also offers these safety tips to prevent hackers from trying to obtain stuff from you based on the call and text log data they have:
Only open text messages from people that you know and trust.
Don’t reply to a text from an unknown sender with personal details.
Go directly to a company’s website. Don’t use links included in a text message. Scammers can build fake websites using forged company logos, signatures, and styles.
Make sure a website is secure by looking for the “s” after the http in the address. You can also look for a lock icon at the bottom of a webpage.
Finally, users can ask AT&T to specify the exact data that was stolen to determine what sort of information the hackers have.