Did AT&T breach include AweSIM users?

lwriemen · July 12, 2024, 2:58pm

Article on breach: AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch

j_s · July 12, 2024, 7:52pm

Well there is this:

The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said.

But the dates seem to be from before AweSIM switched to AT&T.

Sharon · July 12, 2024, 11:57pm

In AT&Ts own quote:
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday… Associated Press quoting AT&T

j_s · July 13, 2024, 12:10am

The phone numbers at both ends got leaked. A lot of journalists are probably among the victims. Reporters are probably among those keen on bad actors knowing everyone they have talked to for months, possibly also hen and where. If the party on the other end was also an ATT&T (or AT&T reseller) customer, then their location would be known as well.

Sharon · July 13, 2024, 1:44am

well, they said not to worry. Not sure who to believe any more. But still trust in Santa,

They did say …

or other personally identifiable information

so even two numbers that communicate, bad actors won’t know who is at one end and who is the other. ATT&T explains it better.

amarok · July 13, 2024, 2:28pm

Quoting Krebs On Security:

However, the company said a subset of stolen records included information about the location of cellular communications towers closest to the subscriber, data that could be used to determine the approximate location of the customer device initiating or receiving those text messages or phone calls.

“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” AT&T allowed.

So that would definitely be concerning to journalists in particular, as you said. They would want to prevent identifying their sources.

But yes, this breach (if you can believe AT&T’s statement) seems to have occurred prior to AweSIM’s switch from a T-mobile provider to an AT&T one:

See also (re a previous AT&T breach from 2019):

tracy · July 13, 2024, 2:58pm

About the same time I closed my AT&T account!

The above is from a computer security advert in a computer magazine from the 1990s.