A poorly secured Snowflake account has reportedly cost AT&T more than $300,000 following the recent cyberattack on the telecom giant.
A few months ago, it was reported that a cybercriminal had managed to compromise over 150 corporate accounts on Snowflake. This was due to poor password hygiene and not securing the accounts with multi-factor authentication (MFA).
One of them was AT&T, after a hacker reportedly part of the ShinyHunters threat group gained access to the company’s Snowflake account and stole sensitive customer data.
Bitcoin Ransom
The data includes metadata from calls and text messages (but not the content of the communications), phone numbers of “nearly all” AT&T mobile customers, numbers of customers of other mobile carriers who communicated with AT&T customers in mid-2022, and landline numbers of people who communicated with AT&T customers during the same period.
Apparently, hackers were able to use the data to identify the owners of individual phone numbers.
At the same time, another hacker also had access to the same database – John Erin Binns – who later contacted a security researcher who goes by the alias Reddington, to help buy back the data. These two individuals apparently asked for $1 million in cryptocurrency, in exchange for permanently deleting the data. AT&T brought it down to around $300,000, but before the transaction could be made, Binns was arrested in Turkey, for a completely different cybercrime, reportedly committed in 2021.
Ultimately, Reddington facilitated the transaction to the ShinyHunters hacker, worth 5.72 bitcoin (approximately $359,000 at the time of writing). Multiple researchers confirmed that the transaction had taken place, and the hackers provided video evidence that the entire database had been wiped.
Through Wired