A threat actor has leaked over 73 million records allegedly containing information on AT&T customers on the ‘Breach’ hacking forums.
AT&T is a multinational telecommunications service provider headquartered in Downtown Dallas, Texas. It’s the world’s fourth-largest telecom company by revenue and the largest wireless carrier in the United States.
The database that was leaked today on the hacking forum is allegedly from the August 2021 breach we covered, and was organized by the notorious data broker ‘ShinyHunters.’ As we noted in our original 2021 article, the threat actor claimed to have acquired it via a data breach on the American telecom giant without disclosing many details about the actual cyberattack.
The threat actor said they held sensitive information on 70 million AT&T customers, offering it for sale for $1,000,000. AT&T disputed the authenticity of the data via a statement to RestorePrivacy, while ShinyHunters held firmly to his original claims during a discussion with us, even offering AT&T a negotiation opportunity.
Today, another cybercriminal named ‘MajorNelson’ has leaked what he claims to be a full copy of that data, which contains the following data points:
- Full names
- Email addresses
- Phone numbers
- Physical addresses
- Social Security Numbers (SSNs)
- Dates of Birth
RestorePrivacy reviewed the leaked samples and found that they contain a mix of cleartext and encrypted or hashed entries, so it looks like they are in raw form.
Also, the complete data, which is accessible for a small amount of cryptocurrency to members of the hacking forum, appears to be authentic. As researcher VX-Underground notes on X, it is still being determined if that data comes from a third-party contractor or AT&T themselves, and in the latter case, which AT&T department.
RestorePrivacy contacted AT&T today for a comment on these recent claims and whether that data belongs to their customers. An AT&T spokesperson told us they are looking into the leaked data, which they believe isn’t associated with them.
We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.
– AT&T spokesperson
In the meantime, AT&T customers are advised to remain vigilant and switch their two-factor authentication methods on valuable accounts to non-SMS, as this data leak increases the risk for unauthorized number ports, aka “SIM swaps.” The dangers of phishing and social engineering for exposed individuals are also elevated, so stay alert for suspicious communications.
Many threat actors have recently posted fake data dumps using generative AI tools to create catalogs of made-up entries, promoting them as follow-ups to past breaches. While this does not appear to be the case here, one should be cautious about accepting threat actor claims until the data is 100% confirmed to be real.