"still-unfolding data breach involving more than 160 customers of the cloud data provider Snowflake."

So what is Snowflake normally doing with all that AT&T data? Redistributing it to "marketing partners"? Apparently. Snowflake's mission statement, from their web site:

"Our mission is to break down data silos, overcome complexity and enable secure data collaboration between publishers, advertisers and the essential technologies that support them."

So this was not, apparently, a break-in to the operational side of AT&T. Someone unauthorized got hold of data they were already selling to marketers. Is that correct?



> break down data silos

[x] Objective Achieved


This would probably be no different if someone like Salesforce had a breach and a large customer of theirs was impacted. There are large companies using SaaS services for chunks of their back office stuff.


It’s a cloud database, mostly OLAP. The ATT account was secured with a bad password and no MFA.


It's not just a bad password, it was a password that was exposed to an info stealer in some way. It might have been reused or overshared into some system that got exposed. From what I understand someone got a huge info stealer dump and started putting two and two together and noticed all these scraped passwords and tried them on Snowflake.


ATT could be using Snowflake for internal analytics


It's not "internal analytics", because a) 90% of the data was former customers and b) it has location data but timestamps were removed, so it's social-graph information plus location. Start asking yourself what sorts of end-users want to pay for the entire social-graph of 77m, regardless of whether those customers never make a phone call again.

"Alternate credit scoring, hyper-targeted marketing and more... an emerging trend of companies building partnerships with telecoms to power use cases across multiple industries." was the blurb for the unit Snowflake specially set up for Telco data in early 2023 touting "location data", but this product is not aimed at the telco's use-case; coincidentally this was also around the time Snowflake was touting integration with GenAI.

(It's not "competitor analysis" either, because if it was they would have obscured the 68m former phone numbers to prevent abuse by direct-marketing.)

[0]: "Unlocking the Value of Telecom Data: Why It’s Time to Act" https://www.snowflake.com/blog/telecom-data-partnerships/


Snowflake PR, from the link above: "What makes telecom service providers unique is that they have access to consumer location data. For most other industries, a consumer can go into their phone’s privacy settings and turn off the location access in the smartphone app. But in the world of telecom, as long as the phone is connected to a network, the telecom provider can use triangulation to find the approximate location of a consumer. This is why there is an emerging trend of companies building partnerships with telecoms to power use cases across multiple industries from competitor intelligence, alternate credit scoring, hyper-targeted marketing and more."

That pretty much says it.

It's disappointing that TechCrunch didn't point this out. Nor did the New York Times.[1] Yet it's right there on Snowflake's site.

[1] https://www.nytimes.com/2024/07/12/business/att-data-breach....


- [EDIT: I confused the details of this AT&T breach with the other (2019) one disclosed on 3/2024: 77m AT&T/MVNO customers, 90% of them former customers]. This one is 110m customers, presumably all their current customer base. But it's still unlikely this is "internal analytics" (for telco business-case) given the timestamps were removed but location data included.

- Yes about Snowflake's cloud telco unit explicitly marketing the fact that telco data contains location. See my updated post: https://news.ycombinator.com/item?id=40949640


Why would the removed timestamps make the data have no value for internal analytics?

It's possible they were operating from a privacy first principle and storing only the exact data they needed for a specific internal objective.


I pointed out previously that the logs contained unobscured phone numbers, so no privacy. You can deanonymize just by reverse-searching the phone number in data broker datasets. They also included the location data for each call/text. Yet no datestamp. That's weird.

As to who would be the end-user for the social graph of 110m users with location data but without dates and times, show us any use-case that's telco-related (not even spam prevention). It's not going to be. You'd want timestamps to disambiguate who are they contacting at work, at home, on their commute, at weekends, etc. So without that it'll be more like alternate credit scoring, surveillance, national-security. And why was Snowflake so eager to promote industries building business models on users' location data? For growth, sure, but who is this mystery industry sector that suddenly sprang up at the same time as GPT-4?


More corroboration from another commenter on TechCrunch: https://techcrunch.com/2024/07/12/att-phone-records-stolen-d...

> [Eric Scott] AT&T was using the data to build a social graph. They didn't record the date and time because they didn't need it.

That isn't "internal analytics". The end-customers who would be buying that aren't telcos. Like I said.


One of the use cases of Snowflake is to give access to a dataset to multiple teams in your company, while filtering what each team can see: https://www.snowflake.com/en/data-cloud/workloads/collaborat...

Service A can access the dataset with the location hidden while Service B can access the dataset with the timestamp hidden while Service C can access the full dataset.

So Snowflake probably has the full dataset, and the account that was used in the breach only had access to a part of it, where the timestamp was hidden.

It's hard to come to any conclusion about what was done with the data on this account.

We can even go as far as saying that the account never used the data but had access to it because it was part of a group of accounts with access to it.


I don't see why any of your reasons preclude analytics.


I said not "internal analytics". Not "internal". The end-customers who would be buying that aren't telcos. Like I said. They are the other (non-telco) emerging industries that Snowflake's blurb hints at.

e.g. a startup doing an Alternate credit scoring model isn't "internal analytics" wrt a telco.


If that's the case then they're probably more upset that they're not getting paid for this data than anything else.



