AT&T says a large trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company.
While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.
The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million.
ShinyHunters attempting to sell alleged AT&T data. Source: BleepingComputer
AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached.
“Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems,” AT&T told BleepingComputer in 2021.
When we told ShinyHunters that AT&T said the data did not originate from them, they replied, “I do not care if they do not admit. I am just selling.”
AT&T continues to tell BleepingComputer today that they still see no evidence of a breach in their systems and still believe that this data did not originate from them.
BleepingComputer asked AT&T if it was possible the data came from a third-party service provider or vendor but has not received a response at this time.
Alleged AT&T data leaked two years later
Today, another threat actor known as MajorNelson leaked data from this alleged 2021 data breach for free on a hacking forum, claiming it was the data ShinyHunters attempted to sell in 2021.
Post on hacking forum leaking alleged AT&T data from 2021 breach. Source: BleepingComputer
This data includes names, addresses, mobile phone numbers, encrypted dates of birth, encrypted Social Security numbers, and other internal information.
However, the threat actors have decrypted the birth dates and Social Security numbers and added them to another file in the leak, making those also accessible.
BleepingComputer has reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including Social Security numbers, addresses, dates of birth, and phone numbers.
Additionally, other cybersecurity researchers, such as Dark Web Informer, who first told BleepingComputer about the leaked data, and VX-Underground have also confirmed some of the data to be accurate.
At the same time, BleepingComputer could not find records for people known to be AT&T customers in 2021 and earlier. However, this may not be unusual, as their total mobile customer base at the end of 2021 was 201.8 million subscribers, meaning that if this data dump is authentic, it is only a partial dump.
At this point, it is a mystery where the data came from. However, regardless of where it originated, all signs point to this being data of AT&T customers.
Therefore, if you were an AT&T customer before and through 2021, it is safer to assume that your data was exposed and can be used in targeted attacks, including SMS and email phishing and SIM swapping attacks.
If you receive any SMS texts or phishing emails claiming to be from AT&T, be very cautious about providing any information. Instead, contact AT&T directly to confirm that they tried to contact you.
This is a developing story.