Tech Tidbit – Thoughts About The AT&T Breach

September 16th, 2024

You have probably heard of the AT&T breach by now. Some reports describe it as the largest breach in history, with serious national security consequences.

AT&T has reported that threat actors stole all customer call and text records for roughly six months. These are records of who contacted whom, when, and how often, not the messages or calls themselves. I have not read anything indicating that the threat actors know the contents of any communications.

This has several implications:

  • Extortion. The records show who has been talking to whom.
  • Caller-ID spoofing of a known contact, so that a phishing call or text appears to come from someone the target already talks to, and then using that foothold to extend access.
  • Targeting of SMS one-time-code MFA. The records show which numbers receive texts from which short codes, so an attacker can tell which accounts a target protects with codes sent by text and which phone number is worth SIM-swapping or socially engineering. (Authenticator-app TOTP codes never cross the carrier network, so they are not exposed the same way.)
  • Sale of the records to dark web clearinghouses, where other threat groups buy them to plan the compromise of a specific target.

Even if you are not an AT&T client yourself, the odds that you have communicated with someone who is are high. That means you and your users are most likely in these records.
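As an added illustration (this code is not from the original post), the following Python works through what call and text metadata alone reveals: who a subscriber talks to most, which numbers receive texts from a one-time-code short code, and which non-subscribers still show up in the records. The record layout, the phone numbers, and the short-code mapping are all constructed for the example and are not AT&T's data format.

```python
"""Added example: what call/text metadata alone reveals.

Everything below is constructed for illustration. The record layout
(timestamp, from, to, kind) is an assumption, not AT&T's export format,
and the numbers and short code are made up.
"""
from collections import Counter, defaultdict

# Constructed sample records. There is deliberately no message content:
# the breach as described exposed metadata only.
RECORDS = [
    ("2022-05-03T09:02:00", "+15550100001", "+15550100002", "call"),
    ("2022-05-03T09:40:00", "+15550100002", "+15550100001", "sms"),
    ("2022-05-04T17:15:00", "+15550100001", "+15550100003", "sms"),
    ("2022-05-04T17:16:00", "+15550100003", "+15550100001", "sms"),
    ("2022-05-05T08:00:00", "262966", "+15550100001", "sms"),  # short code -> user
    ("2022-05-06T08:01:00", "262966", "+15550100001", "sms"),
    ("2022-05-07T12:00:00", "+15550100001", "+15550100002", "call"),
    ("2022-05-07T12:30:00", "+15550100004", "+15550100002", "call"),
]

# Hypothetical short code -> service mapping. An attacker would build
# this from public short-code directories; the entry here is invented.
KNOWN_SHORT_CODES = {"262966": "ExampleBank one-time codes"}

# Constructed: numbers that are the carrier's own subscribers.
SUBSCRIBERS = {"+15550100001", "+15550100002"}


def contact_graph(records):
    """Count interactions per unordered pair: who talks to whom, how often."""
    graph = Counter()
    for _ts, src, dst, _kind in records:
        graph[tuple(sorted((src, dst)))] += 1
    return dict(graph)


def top_contacts(records, number, n=3):
    """Most frequent counterparts of `number`: the pretexts an extortionist
    or a caller-ID spoofer would reach for first."""
    counts = Counter()
    for _ts, src, dst, _kind in records:
        if src == number:
            counts[dst] += 1
        elif dst == number:
            counts[src] += 1
    return counts.most_common(n)


def otp_recipients(records, short_codes):
    """Numbers that receive texts from known one-time-code short codes,
    mapped to the services those codes belong to. The code values are
    never in the data; the fact that a number gets them is."""
    hits = defaultdict(set)
    for _ts, src, dst, kind in records:
        if kind == "sms" and src in short_codes:
            hits[dst].add(short_codes[src])
    return {num: sorted(svcs) for num, svcs in hits.items()}


def non_subscribers_seen(records, subscribers, short_codes):
    """Every ordinary number in the records that is not itself a
    subscriber: the people pulled in just by talking to one."""
    seen = set()
    for _ts, src, dst, _kind in records:
        seen.update((src, dst))
    return sorted(seen - set(subscribers) - set(short_codes))


if __name__ == "__main__":
    print("contact graph:", contact_graph(RECORDS))
    print("top contacts of +15550100001:", top_contacts(RECORDS, "+15550100001"))
    print("OTP recipients:", otp_recipients(RECORDS, KNOWN_SHORT_CODES))
    print("non-subscribers in the data:",
          non_subscribers_seen(RECORDS, SUBSCRIBERS, KNOWN_SHORT_CODES))
```

Note that nothing here needs message content: the contact graph, the MFA short-code pattern, and the list of non-subscribers all fall out of the timestamps and number pairs alone, which is why metadata-only breaches still feed targeted phishing.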

AT&T clients should seek guidance directly from AT&T on what to do.

For the rest of us, this is yet another example of "everything can be hacked." Add it to your security awareness communications and remind your users to report unusual communications and to verify unusual requests out of band: pick up the phone and call the person at the number you already have on file, not at any number, link, or reply address supplied by the suspicious message.

-Scott Quimby, CISSP