AT&T revealed Friday morning that a cybersecurity attack had exposed call records and texts from “nearly all” of the carrier’s cellular customers (including people on MVNOs that use AT&T’s network, like Cricket, Boost Mobile, and Consumer Cellular) during the period between May 1st, 2022, and October 31st, 2022, as well as a “very small number” of customers on January 2nd, 2023.

AT&T spokesperson Alex Byers confirmed to The Verge the threat actor accessed the information through the company’s account on a third-party cloud platform, Snowflake, similar to data breaches that have affected Ticketmaster and Santander Bank. AT&T first learned of the breach in April, but as reported by TechCrunch, an FBI spokesperson confirmed “AT&T, the FBI…