AT&T hack exposes agents’ call logs, leaving FBI scrambling


The FBI is racing to safeguard the identities of confidential informants after their numbers were exposed in an AT&T breach last April, Bloomberg News reported on Thursday.

The hackers were said to have targeted AT&T’s public safety service – used by the FBI – potentially compromising agents’ mobile numbers and the numbers they contacted.

Bloomberg News revealed details of the breach on Thursday, citing a document and conversations with current and former law enforcement officials.


The threat actors are believed to have gained access to months of agents' call and text logs, including metadata, although the content of calls and texts was not exposed.

FBI officials, who later informed agents that their network activity was likely part of the massive data theft, say the stolen data could link investigators to their secret sources, raising serious concerns about informants' safety.

An FBI spokesperson told Reuters that the agency "has a solemn responsibility to protect the identity and safety of confidential human sources, who provide information every day that keeps the American people safe, often at risk to themselves."


Breach from the past

AT&T announced the massive hacking incident last July, in which data from about 109 million customer accounts, containing records of calls and texts from 2022, was illegally downloaded in April.

In April 2022, Cybernews reported on what appears to be the original AT&T dataset leak, posted for sale by the ShinyHunters threat group for $200,000 on the popular BreachForums hacker marketplace.

AT&T spokesperson Alex Byers told Reuters on Thursday that after "criminals stole customer data last year, we worked closely with law enforcement to mitigate impact to government operations."


The telecom giant, which found out about the April 2024 breach a month after it took place, was rumored to have paid ShinyHunters a $370,000 ransom, via an intermediary affiliate of the group, to delete the stolen data.

The FBI also announced that summer it had arrested one individual for the AT&T hack. However, it's still unknown if ShinyHunters or an affiliate was responsible for the breach or if the arrest resulted from the alleged ransom exchange.

Additionally, the 2022 AT&T dataset, which has since appeared multiple times on the hacker forum, was thought to be a repeat leak from an alleged 2021 hack that AT&T has consistently denied ever took place.

AT&T finally confirmed to Cybernews last year that the 2022 hack 'did' contain the sensitive information of over 73 million customers, roughly 65 million of them former account holders.

At the time, AT&T also told Cybernews it had reset the passcodes of the 7.6 million current account holders who were compromised and notified them of the leak.

Still, the AT&T breach underscores growing worries about cyberattacks targeting US telecom networks. Recent incidents, such as the attacks against T-Mobile and Verizon, have led US security agencies to take action to prevent hackers from exploiting vulnerabilities in critical infrastructure.
