AT&T offers a vague explanation for today's cellular outage; says it wasn't a cyberattack
Karlston posted a news in Mobile News
Earlier today, AT&T suffered a major outage of its cellular network in the US. Users began reporting issues connecting with AT&T's network as early as 4 am Eastern time today. The event lasted for a number of hours before AT&T announced around 3 pm Eastern time today that it had restored the service for all of its customers.

Earlier this evening, AT&T posted another update with a very general, and also very vague, explanation of today's events:

AT&T has not offered any more details on what happened to its wireless network. Many people speculated online that the cause of today's outage was indeed some kind of sophisticated hacker attack, but the company's statement tonight seems to push that theory aside.

However, that is not stopping the US government from looking into today's incident. Reuters reports that White House national security spokesperson John Kirby stated that both the FBI and the Department of Homeland Security were looking into AT&T's cellular outage. Kirby echoed AT&T's comment that this does not appear to be a cyber-attack. In addition, the Federal Communications Commission (FCC) posted on its X (formerly Twitter) account that its own Public Safety division was investigating the disruption.

Hopefully, we will get a much more detailed explanation from AT&T about what happened and perhaps how the company will keep it from happening again.
AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.
Karlston posted a news in Security & Privacy News
When the data was published in 2021, the company said it didn't belong to its customers.

AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn't saying.

In a mandatory filing with the Maine Attorney General’s office, the telecommunications company said 51.2 million account holders were affected. On its corporate website, AT&T put the number at 73 million. In either event, compromised data included one or more of the following: full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes. Personal financial information and call history didn’t appear to be included, AT&T said, and data appeared to be from June 2019 or earlier.

The disclosure on the AT&T site said the 73 million affected customers comprised 7.6 million current customers and 65.4 million former customers. The notification said AT&T has reset the account PINs of all current customers and is notifying current and former customers by mail. AT&T representatives haven’t explained why the letter filed with the Maine AG lists 51.2 million affected and the disclosure on its site lists 73 million.

According to a March 30 article published by TechCrunch, a security researcher said the passcodes were stored in an encrypted format that could easily be decrypted. Bleeping Computer reported in 2021 that more than 70 million records containing AT&T customer data were put up for sale that year for $1 million. AT&T, at the time, told the news site that the amassed data didn’t belong to its customers and that the company's systems had not been breached. Last month, after the same data reappeared online, Bleeping Computer and TechCrunch confirmed that the data belonged to AT&T customers, and the company finally acknowledged the connection.
AT&T has yet to say how the information was breached or why it took more than two years from the original date of publication to confirm that it belonged to its customers.

Given the length of time the data has been available, the damage that’s likely to result from the most recent publication is likely to be minimal. That said, anyone who is or was an AT&T customer should be on the lookout for scams that attempt to capitalize on the leaked data. AT&T is offering one year of free identity theft protection.
AT&T confirms data breach affecting more than 70 million customers
Karlston posted a news in Security & Privacy News
AT&T, one of the largest mobile carriers in the United States, has confirmed a massive data breach affecting millions of its customers. The breach affects around 7.6 million current AT&T account holders and 65.4 million former account holders.

For those affected, the carrier company says that users will receive an email or letter explaining the incident, what information was compromised, and what it is doing in response to it. The data breach includes fields such as full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode. For now, the company is resetting users' passcodes and also advises users to change them as a precaution.

AT&T says that it has determined company-specific fields in the dataset that was leaked on the dark web. However, where the data originated from still remains unknown. AT&T says that it hasn't found any "evidence of unauthorized access to its systems resulting in the theft of the data set." The dataset appears to have data from 2019 or earlier.

The company has previously denied being affected by a data breach, citing that "the information that appeared in an internet chat room does not appear to have come from our systems." The dataset from this breach, which happened in 2021, was being sold by threat actors ShinyHunters, who confirmed that the breach indeed happened from AT&T's internal systems.

All AT&T customers have been advised to remain vigilant by monitoring their account activity and credit reports. The company, in its FAQ, suggests users set up free fraud alerts on credit bureaus like Equifax, Experian, and TransUnion. Users can go through AT&T's FAQ page to know more details about the data breach. We recommend users be careful about any SMS or phishing emails impersonating AT&T and contact the company to confirm whether they attempted to make the contact.
AT&T failed to test disastrous update that kicked all devices off network
Karlston posted a news in Mobile News
AT&T caused outage that blocked 92 million calls, 25,000 attempts to reach 911.

A government investigation has revealed more detail on the impact and causes of a recent AT&T outage that happened immediately after a botched network update. The nationwide outage on February 22, 2024, blocked over 92 million phone calls, including over 25,000 attempts to reach 911.

As described in more detail later in this article, the FCC criticized AT&T for not following best practices, which dictate "that network changes must be thoroughly tested, reviewed, and approved" before implementation. It took over 12 hours for AT&T to fully restore service.

"All voice and 5G data services for AT&T wireless customers were unavailable, affecting more than 125 million devices, blocking more than 92 million voice calls, and preventing more than 25,000 calls to 911 call centers," the Federal Communications Commission said yesterday.

The outage affected all 50 states as well as Washington, DC, Puerto Rico, and the US Virgin Islands. The outage also cut off service to public safety users on the First Responder Network Authority (FirstNet), the FCC report said.

"Voice and 5G data services were also unavailable to users from mobile virtual network operators (MVNOs) and other wireless customers who were roaming on AT&T Mobility's network," the FCC said.

An incorrect process

AT&T previously acknowledged that the mobile outage was caused by a botched update related to a network expansion. The "outage was caused by the application and execution of an incorrect process used as we were expanding our network, not a cyber attack," AT&T said.

The FCC report said the nationwide outage began three minutes after "AT&T Mobility implemented a network change with an equipment configuration error."
This configuration error caused the AT&T network "to enter 'protect mode' to prevent impact to other services, disconnecting all devices from the network, and prompting a loss of voice and 5G data service for all wireless users."

While the network change was rolled back within two hours, full service restoration "took at least 12 hours because AT&T Mobility's device registration systems were overwhelmed with the high volume of requests for re-registration onto the network," the FCC found.

Outage reveals deeper problems at AT&T

Although a configuration error was the immediate cause of the outage, the FCC investigation revealed various problems in AT&T's processes that increased the likelihood of an outage and made recovery more difficult than it should have been. The FCC Public Safety and Homeland Security Bureau analyzed network outage reports and written responses submitted by AT&T and interviewed AT&T employees. The bureau's report said:

At 2:42 am CST on February 22, an AT&T "employee placed a new network element into its production network during a routine night maintenance window in order to expand network functionality and capacity," the FCC said. The configuration "did not conform to AT&T's established network element design and installment procedures, which require peer review."

An adequate peer review should have prevented the network change from being approved and from being loaded onto the network, but this peer review did not take place, the FCC said. The configuration error was made by one employee, and the misconfigured network element was loaded onto the network by a second employee.

"The fact that the network change was loaded onto the AT&T Mobility network indicates that AT&T Mobility had insufficient oversight and controls in place to ensure that approval had occurred prior to loading," the FCC said.

AT&T faces possible punishment

AT&T issued a statement saying it has "implemented changes to prevent what happened in February from occurring again.
We fell short of the standards that we hold ourselves to, and we regret that we failed to meet the expectations of our customers and the public safety community."

AT&T could eventually face some kind of punishment. The Public Safety and Homeland Security Bureau referred the matter to the FCC Enforcement Bureau for potential violations of FCC rules.

Verizon Wireless last month agreed to pay a $1,050,000 fine and implement a compliance plan because of a December 2022 outage in six states that lasted one hour and 44 minutes. The Verizon outage was similarly caused by a botched update, and the FCC investigation revealed systemic problems that made the company prone to such outages.

All 911 attempts failed

Once the AT&T configuration error was introduced, "downstream network elements propagated the error further into the network," the FCC said. "This triggered an automated response that shut down all network connections to prevent the traffic from propagating further into the network. The shutdown isolated all voice and 5G data processing elements from the wireless towers and switching elements, preventing these services from being available."

The AT&T network disconnected all devices from voice and 5G data services "at 2:45 am, just three minutes after the misconfigured network element was placed into production." When voice services were disconnected, no 911 calls from AT&T devices could be routed to Public Safety Answering Points (PSAPs), the FCC said:

AT&T prioritized the restoration of FirstNet service over commercial and residential users, and FirstNet infrastructure was restored by 5 am.

"Restoring service to commercial and residential users took several more hours as AT&T Mobility continued to observe congestion as high volumes of AT&T Mobility user devices attempted to register on the AT&T Mobility network. This forced some devices to revert back to SOS mode," the FCC said.
Other underlying problems

The lack of peer review mentioned earlier was accompanied by a failure to conduct adequate lab testing. The FCC said AT&T's lab testing "either failed to effectively emulate the live environment or failed to test the impact of this misconfiguration on the wider network. Any such testing should have identified the issue prior to the occurrence of the outage."

AT&T also failed to adequately test after implementation of the network change, the FCC said.

"An effective post-installation test may have helped detect the misconfigured network element more quickly, thereby allowing AT&T Mobility to initiate corrective action more expeditiously," the FCC said. "AT&T Mobility either lacked sufficient oversight and controls in place to ensure these test processes were followed, or if they were, then the processes themselves were insufficient."

Additionally, a "downstream network element lacked controls specific to mitigating this error and therefore was unable to mitigate the effects created by the misconfigured network element," the FCC said. "Because the network element was lacking these controls, it passed traffic further into the network."

AT&T was unprepared for the congestion caused by user devices attempting to reconnect to the network en masse. "Despite configuring its network to enter Protection Mode to prevent propagating errors to other parts of the network, AT&T failed to prepare for the registration congestion associated with the network recovering from Protection Mode, or to sufficiently mitigate that congestion after the fact... More robust registration systems with greater capacity would have enabled AT&T Mobility to more quickly and efficiently recover after the network entered into Protection Mode," the FCC said.

Fixes

AT&T has been working on changes to prevent future outages. Within two days of the February outage, it implemented new technical controls, the FCC said.
"This included scanning the network for any network elements lacking the controls that would have prevented the outage, and promptly putting those controls in place. AT&T has engaged in ongoing forensic work and implemented additional enhancements to promote network robustness and resilience," the FCC said.

AT&T also "implemented additional steps for peer review and adopted procedures to ensure that maintenance work cannot take place without confirmation that required peer reviews have been completed."

The FCC said it will issue a public notice to service providers reminding them of the importance of following best practices. The public notice will be based on analysis of the AT&T outage and other recent outages.

"Sound network management practices of critical infrastructure and AT&T Mobility's own processes demand that only approved network changes that are developed pursuant to internal procedures and industry best practices, should be loaded onto the production network. It should not be possible to load changes that fail to meet those criteria," the FCC said.

Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of June): 2,839 news posts
Massive AT&T data breach exposes call logs of 109 million customers
Karlston posted a news in Security & Privacy News
AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account.

The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April 25, 2024.

In a Friday morning Form 8-K filing with the SEC, AT&T says that the stolen data contains the call and text records of nearly all AT&T mobile clients and customers of mobile virtual network operators (MVNOs) made from May 1 to October 31, 2022 and on January 2, 2023.

The stolen data includes:

- Telephone numbers of AT&T wireline customers and customers of other carriers.
- Telephone numbers with which AT&T or MVNO wireless numbers interacted.
- Count of interactions (e.g., the number of calls or texts).
- Aggregate call duration for a day or month.
- For a subset of records, one or more cell site identification numbers.

The exposed records did not contain the content of the calls or texts, customer names, or any other personal information such as Social Security numbers or dates of birth.

Although the accessed logs do not contain sensitive information that directly exposes customer identities, the communications metadata can be used to correlate them with publicly available information and easily derive identities in many cases.

The company says that after learning of the breach they worked with cybersecurity experts and notified law enforcement. The US Department of Justice gave AT&T permission twice, on May 9, 2024 and June 5, 2024, to delay public notification due to the potential risks to national security and public safety.

"Shortly after identifying a potential breach to customer data and before making its materiality decision, AT&T contacted the FBI to report the incident.
In assessing the nature of the breach, all parties discussed a potential delay to public reporting under Item 1.05(c) of the SEC Rule, due to potential risks to national security and/or public safety," the FBI told BleepingComputer.

"AT&T, FBI, and DOJ worked collaboratively through the first and second delay process, all while sharing key threat intelligence to bolster FBI investigative equities and to assist AT&T’s incident response work."

"The FBI prioritizes assistance to victims of cyber-attacks, encourages organizations to establish a relationship with their local FBI field office in advance of a cyber incident, and to contact the FBI early in the event of breach."

AT&T is working with law enforcement to arrest those involved and states that they understand at least one person has already been apprehended.

AT&T said it has implemented additional cybersecurity measures to block unauthorized access attempts in the future, and it promised to notify current and former customers impacted by this incident soon.

Meanwhile, AT&T customers can follow the links provided on this FAQ page to check if their phone number's data was exposed and to download the data associated with their number that was stolen.

As of today, AT&T says it has no evidence the accessed data has been made publicly available and says the incident is not related to the 2021 data breach AT&T confirmed earlier this year impacted 51 million customers.

The Snowflake data theft attacks

AT&T has confirmed to BleepingComputer that the data was stolen from its Snowflake account as part of a wave of recent data theft attacks using compromised credentials.

Snowflake is a cloud-based database provider that allows customers to perform data warehousing and analytics on large volumes of data.

Last month, Mandiant revealed that a financially motivated threat actor tracked as 'UNC5537' was behind multiple attacks against Snowflake customers, using account credentials stolen via infostealer malware.
Snowflake has since introduced a mandatory multi-factor authentication (MFA) enforcement option for workspace administrators to protect accounts against easy take-overs leading to data breaches impacting millions of people.

The list of high-profile victims to which AT&T is being added now includes Advance Auto Parts, Pure Storage, Los Angeles Unified, Neiman Marcus, Ticketmaster, and Banco Santander.