AT&T has responded to a recent incident where a hacker claimed to have leaked a large amount of data on a cybercrime forum.
The Alleged AT&T Data Leak Is the Old 2021 AT&T Data Breach, Says AT&T
According to the company, the latest AT&T Data Leak did not originate from their systems. While the legitimacy of all the data in the leaked database has not been confirmed, some entries have been verified as accurate.
The data is said to be from a 2021 AT&T Data Leak, and the hacker behind it, known as ShinyHunters, attempted to sell it on a data theft forum. The starting price was $200,000, with incremental offers of $30,000, but the hacker expressed willingness to sell it immediately for $1 million.
AT&T has informed BleepingComputer that the data in question did not come from their systems and that no breach occurred.
“Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems,”
AT&T had told BleepingComputer in 2021.
AT&T maintains its position that there is no evidence of a breach in their systems, and they firmly believe that the leaked data did not originate from their organization. When asked about the possibility of the data coming from a third-party service provider or vendor, AT&T has not yet provided a response to BleepingComputer.
The Alleged AT&T Data Leaked Two Years Later
This time, a different threat actor known as MajorNelson has released data from the alleged 2021 AT&T data breach on a hacking forum. MajorNelson claims that this is the same data that ShinyHunters attempted to sell last year.
The leaked data contains personal information such as names, addresses, mobile phone numbers, and encrypted date of birth and social security numbers. However, the threat actors have managed to decrypt the birth dates and social security numbers and have included them in a separate file within the leak, making them accessible to anyone who has access to the data.
Evidence Strongly Suggests that AT&T Data Was Indeed Leaked
BleepingComputer says that they cannot authenticate all 73 million lines, but they hace have verified that certain data entries are indeed accurate. This includes sensitive information such as social security numbers, addresses, dates of birth, and phone numbers.
They said that they have cross-referenced this information with individuals we know personally who have been affected by the breach, as well as confirmed that many of the listed users have active online AT&T accounts.
In addition to the verification done by BleepingComputer, other cybersecurity researchers, including Dark Web Informer and VX-Underground, have also validated the accuracy of certain data within the leaked dataset.
However, BleepingComputer was unable to locate data for individuals known to be AT&T customers in 2021 and earlier. It is important to note that this is not unusual considering AT&T’s large customer base, which reached 201.8 million subscribers by the end of 2021.
Therefore, if the leaked data is legitimate, it is likely a partial dump and not a comprehensive representation of all AT&T customers.
The source of the leaked data remains unknown, but the evidence strongly suggests that it contains information of AT&T customers.
If you were an AT&T customer prior to and during 2021, it is advisable to assume that your data may have been exposed in the AT&T Data Leak. This puts you at risk of targeted attacks, such as SMS and email phishing or SIM swapping.
To protect yourself, exercise caution if you receive any SMS texts or phishing emails claiming to be from AT&T.
Refrain from providing any personal information and instead, contact AT&T directly to verify if they indeed attempted to reach out to you.
