The White House has reported that at least eight telecom companies have been affected by the Salt Typhoon espionage campaign. This includes some of the biggest wireless service providers, such as Verizon, T-Mobile, and AT&T. Initially, government officials announced that only four telecom companies were affected. However, it was later confirmed that the actual number of victims was at least double the initially announced number. 

Officials are still determining the full scope of the stolen data. Still, the Chinese mass surveillance campaign likely has gained access to the metadata of millions of Americans. And the loopholes still need to be patched.

The metadata consists predominantly of messages and call record logs. It is unknown how long the hackers accessed the information, but many state that the loopholes have existed for years. 

Read also: FTC bans data brokers from selling sensitive information of Americans

How does that affect you?

While Chinese hackers likely do not have any interest in knowing what kind of private calls a regular user has had with their family members, the compromised information of such a wide-reaching campaign also contains information and communication logs of senior officials and military personnel that could be of value to the Chinese spies.

Access to the telecom cloud through the back door would allow the bad actors to access sensitive data. And use it to carry out cyberattacks or exploit the logs to blackmail, defraud, or extort people. The attack also likely gave clues to Volt Typhoon about which Chinese nationals residing in the US are on the watch list by US officials. 

The ongoing cyberattack is so serious that it prompted FBI and CISA officials to advise Americans to use end-to-end encryption messaging apps to avoid Chinese spying on private communication. Government officials have always stressed the importance of encrypted messaging. But such aggressive advice has usually only been suggested to government employees and national security personnel. 

End-to-end encryption on any means of communication ensures that Chinese spies cannot read it even if the connection gets intercepted. This includes calls, emails, and messages. Unlike intercepted messages and written communications that could be stored and used by hackers, the call stolen metadata only contains the call record and does not include the content of the actual call.

The Salt Typhoon espionage campaign has affected not only American phone and internet service providers but also wireless providers from dozens of countries worldwide. The perpetrators have not been fully evicted from the telecom networks. And it is up to consumers to protect themselves by using tools and common sense. While common sense cannot be taught easily, antivirus protection companies often offer powerful tools to help internet surfers maintain online privacy.