In news about as comforting as a root canal from Edward Scissorhands, AT&T has managed to misplace six months' worth of call and text records, with hackers making off with metadata that tracks nearly every AT&T cellular network customer.
In April, AT&T was grappling with hackers … unsuccessfully. According to an SEC filing, they discovered that cyber ninjas had "unlawfully accessed and copied AT&T call logs" stored on a third-party cloud platform. While the content of the calls and messages wasn't stolen — so your drunk texts are safe (for now) — the hackers did get their hands on metadata such as who you talked to, when, and for how long.
AT&T's wireless network, with its 127 million devices, is now the scene of this grand theft. They've assured us that no customer names were included. But here's the kicker: With some publicly available online tools, you can easily find the name associated with a specific phone number.
So, while AT&T's trying to downplay the damage, it's like saying, "Hey, we might have lost your house keys, but we didn't give away your address!"
The Federal Communications Commission (FCC) is now in full Sherlock Holmes mode. John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, called it a "megabreach," not to be confused with MAGAbreach, which has been reserved for when/if Truth Social is ever hacked.
Both Scott-Railton and Thomas Rid, a cybersecurity expert at Johns Hopkins University, have warned about the dangers of metadata, which can allow bad actors to track your daily routines, figure out where you work, where you sleep, and more.
AT&T, in response, has claimed they've taken additional cybersecurity measures, and reported the hack — after being nudged by the Department of Justice — with the urgency of a DMV clerk.
Senator Ron Wyden chimed in, pointing out that this hack is just another chapter in the ongoing saga of telecom companies' cybersecurity negligence, and called for the FCC to hit them where it hurts: their wallets.
I'll leave you with this:
Follow Ian on Substack or X (@ighaworth).
P.S. Now check out our latest video 👇