It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.
In the news
Around 110 million AT&T subscribers were affected by a data breach from May 1 to Oct. 31, 2022, TechCrunch reported. A statement from the telecom company explained, “The call and text records identify the phone numbers with which an AT&T number interacted during this period, including AT&T landline (home phone) customers. It also included counts of those calls or texts and total call durations for specific days or months.” According to TechCrunch, this incident was related to an increase in data thefts targeting the corporate customers of Snowflake, a cloud data provider. Their customers allegedly did not utilize multifactor authentication. Read more here.
What you can do
If you were a subscriber of AT&T during this period, consider reviewing your SMS messages and phone calls with past sources. Although the contents of these conversations were not revealed, the information about these messages — their metadata — has been exposed. Please take these following steps:
- To lower future risk, make use of end-to-end encrypted messaging services like Signal when communicating with sources. Unlike cellular providers, Signal does not keep logs of your conversations.
- Advertise confidential tip lines on your social media accounts, especially if a potential source does not have Signal.
- If you would like to learn more about the implications of this data breach, read this blog post by our Principal Researcher, Martin Shelton.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Kevin
–
Digital Security Training Intern
Freedom of the Press Foundation
