Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022.
According to updates received by our Cybersecurity Insiders, the data breach occurred in 2022 and affected customers who used AT&T’s telecom services between March and October of that year. This includes users of their cellular network, virtual mobile network, and landline services.
Fortunately, the hackers did not access sensitive information such as social security numbers (PII). As of now, there is no evidence that the information gleaned from calls and text messages has been used for social engineering attacks against affected customers.
AT&T has set up a dedicated web portal for customers to check if their number was impacted by the breach. Those affected will be notified digitally for further clarification.
According to the latest SEC filing made last week, Snowflake cloud provider’s data leak is said to have contributed to the AT & T data breach that made the company pay approximately $370,000 in crypto currency to erase the stolen data from the crime server/s.
In a separate incident, hackers have reportedly stolen a massive 1TB dataset from Disney’s Slack servers. The stolen data allegedly includes details about upcoming projects, conceptual art for Disney Games, and personal information of employees. Among the leaked details are plans related to projects like “Marvel 1943: The Rise of the Hydra” and the Deadpool movie, generating anticipation among fans eager for glimpses of future episodes.
It remains unclear whether the hacking group “Nullbulge” breached Disney’s servers for financial gain or to sell the stolen data on the dark web.
In recent years, cybercriminals have increasingly targeted technology and gaming companies, knowing they can demand hefty ransom payments to disrupt operations. For instance, CDK Group, which provides software services to the automotive industry in America, recently faced a ransomware attack and reportedly paid a ransom of $22 million.
The FBI has criticized the practice of paying ransom, arguing that it does not guarantee a decryption key and can incentivize further crime. Instead, they recommend victims contact law enforcement and share details to aid in stopping the spread of malware to other businesses. In some cases, victims may even receive decryption assistance from authorities at no cost.