Telecommunications giant AT&T recently disclosed unauthorized access to its customer data. The company confirmed that the attackers succeeded in illegally downloading the data.

The breach took place in the workspace of a third-party cloud platform where AT&T data was stored. The news became public on July 12, a few months after the illicit access was first discovered on April 19, 2024. The stolen data consists of potentially sensitive AT&T customer records, including call logs and text messages dated between May 1, 2022, and October 31, 2022, affecting nearly all of AT&T’s cellular customers.

Christiaan Beek, Senior Director Threat Analytics at Rapid7, described this AT&T data breach as ‘huge’, emphasizing that customers should be vigilant for phishing attempts and other types of fraud following the data leak. Beek also suggested that, given the nature of the stolen data, SMS phishing could become a prominent threat.

“The breach against AT&T is huge and will certainly worry any customer whose data has been leaked. Customers should exercise extreme caution and be on the lookout for any potential phishing attacks or other types of fraud. With the type of data stolen, SMS phishing could be particularly prevalent.” – Christiaan Beek

Notably, the compromised data does not include the content of the calls or texts or any personally identifiable information. According to AT&T, operations were not affected by the breach. The company has, however, taken additional cybersecurity measures to prevent such incidents in the future, including fixing the point of entry exploited in this attack. Customers affected by this issue will also receive notifications from the company.

The Role of Snowflake in the AT&T Breach

The third-party cloud provider where the data breach occurred is suspected to be Snowflake. Elliott Wilkes, CTO of Advanced Cyber Defence Systems (ACDS), said that the breach appeared to result from the illegal extraction of AT&T data stored in a Snowflake account, affecting over 100 million customers. Snowflake has been implicated in numerous data breaches recently, some of which have affected big names like Ticketmaster.

Mandiant, a cybersecurity company, identified UNC5537, a financially motivated threat actor, as the potential suspect in the Snowflake data breaches. The actor has allegedly been offering stolen data for sale on the dark web. Mandiant researchers indicated that UNC5537 has been systematically compromising Snowflake customer data using stolen customer credentials.

Jake Williams, a former US National Security Agency (NSA) hacker and faculty member at IANS Research, has advised organizations to maintain an inventory of their data on Snowflake. He also advised implementing measures such as rotating and invalidating authentication material that might have ended up in a Snowflake instance managed by a third party.

MFA’s Importance

Many breaches on Snowflake occurred due to the absence of multi-factor authentication (MFA), which means the perpetrators could access the accounts by merely knowing the username and password. Wilkes stressed that, in order to secure data, there is an urgent need for MFA enforcement by default, not as a premium feature at an added cost. Going forward, the CISO at Snowflake, Brad Jones, confirmed that they are actively working on a plan to impose advanced security controls, MFA, or network policies on their customers to prevent such incidents in the future.
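
One way to check for the exposure described above, as an added example that is not from the original article or from Snowflake: flag successful logins where a password was the only factor, and note whether each came from outside an allowlisted network. It assumes login records exported as CSV with columns named after Snowflake's LOGIN_HISTORY view; the sample rows and the allowlisted range are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows; the column names are assumed to match a CSV export
# of Snowflake's LOGIN_HISTORY view.
SAMPLE_LOGIN_HISTORY = """\
EVENT_TIMESTAMP,USER_NAME,CLIENT_IP,FIRST_AUTHENTICATION_FACTOR,SECOND_AUTHENTICATION_FACTOR,IS_SUCCESS
2024-01-10T02:11:09Z,SVC_REPORTING,203.0.113.45,PASSWORD,,YES
2024-01-10T08:30:00Z,ALICE,198.51.100.7,PASSWORD,DUO_SECURITY,YES
2024-01-10T09:02:41Z,BOB,198.51.100.9,PASSWORD,,YES
2024-01-10T09:05:10Z,BOB,203.0.113.45,PASSWORD,,NO
2024-01-10T10:00:00Z,ETL_LOADER,198.51.100.20,RSA_KEYPAIR,,YES
"""

# Hypothetical corporate egress range, standing in for a network policy allowlist.
ALLOWED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

def password_only_logins(csv_text, allowed=ALLOWED_NETWORKS):
    """Return {user: [(timestamp, ip, in_allowlist), ...]} for successful
    logins where a password was the only factor presented."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["IS_SUCCESS"].upper() != "YES":
            continue  # failed attempts are a separate signal
        if row["FIRST_AUTHENTICATION_FACTOR"].upper() != "PASSWORD":
            continue  # key-pair, SSO or OAuth logins do not rely on a password
        if row["SECOND_AUTHENTICATION_FACTOR"].strip():
            continue  # a second factor was presented
        ip = ipaddress.ip_address(row["CLIENT_IP"])
        in_allowlist = any(ip in net for net in allowed)
        findings[row["USER_NAME"]].append((row["EVENT_TIMESTAMP"], str(ip), in_allowlist))
    return dict(findings)

def triage(findings):
    """Order users so those with password-only logins from outside the allowlist come first."""
    def outside(user):
        return sum(1 for _, _, ok in findings[user] if not ok)
    return sorted(findings, key=lambda u: (-outside(u), u))

if __name__ == "__main__":
    result = password_only_logins(SAMPLE_LOGIN_HISTORY)
    for user in triage(result):
        for ts, ip, ok in result[user]:
            print(f"{user:15} {ts} {ip:15} {'allowlisted' if ok else 'OUTSIDE ALLOWLIST'}")
```

Accounts that appear in the output are candidates for MFA enrollment, a restricting network policy, or credential rotation.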

Customers are encouraged to remain vigilant, be proactive, and work with AT&T and their security service providers to ensure their data security. Google’s Titan Security Key bundle or other physical security key devices could be considered for more secure logins to prevent loss of data. Given the increasing prevalence of data breaches, enabling multi-factor authentication and applying other preventive security measures are crucial.
