AT&T says a large trove of information impacting 71 million individuals didn’t originate from its methods after a hacker leaked it on a cybercrime discussion board and claimed it was stolen in a 2021 breach of the corporate.
Whereas BleepingComputer has not been capable of verify the legitimacy of all the information within the database, we have now confirmed a number of the entries are correct, together with these whose information will not be publicly accessible for scraping.
The information is from an alleged 2021 AT&T information breach {that a} menace actor generally known as ShinyHunters tried to promote on the RaidForums information theft discussion board for a beginning worth of $200,000 and incremental presents of $30,000. The hacker said they’d promote it instantly for $1 million.
Supply: BleepingComputer
AT&T instructed BleepingComputer then that the information didn’t originate from them and that its methods weren’t breached.
“Based mostly on our investigation as we speak, the data that appeared in an web chat room doesn’t seem to have come from our methods,” AT&T instructed BleepingComputer in 2021.
Once we instructed ShinyHunters that AT&T mentioned the information didn’t originate from them, they replied, “I do not care if they do not admit. I am simply promoting.”
AT&T continues to inform BleepingComputer as we speak that they nonetheless see no proof of a breach of their methods and nonetheless consider that this information didn’t originate from them.
BleepingComputer requested AT&T if it was doable the information got here from a third-party service supplier or vendor however has not obtained a response at the moment.
Alleged AT&T information leaked two years later
At present, one other menace actor generally known as MajorNelson leaked information from this alleged 2021 information breach totally free on a hacking discussion board, claiming it was the information ShinyHunters tried to promote in 2021.
Supply: BleepingComputer
This information consists of names, addresses, cell phone numbers, encrypted date of delivery, encrypted social safety numbers, and different inside info.
Nevertheless, the menace actors have decrypted the delivery dates and social safety numbers and added them to a different file within the leak, making these additionally accessible.
BleepingComputer has reviewed the information, and whereas we can’t verify that each one 73 million strains are correct, we verified a number of the information accommodates appropriate info, together with social safety numbers, addresses, dates of delivery, and cellphone numbers.
This was finished by confirming the leaked information with individuals I do know who had been impacted and verifying that most of the listed customers have on-line AT&T accounts.
Moreover, different cybersecurity researchers, similar to Darkish Internet Informer, who first instructed BleepingComputer in regards to the leaked information, and VX-Underground have additionally confirmed a number of the information to be correct.
On the similar time, BleepingComputer couldn’t discover information for individuals recognized to be AT&T prospects in 2021 and earlier. Nevertheless, this is able to not be uncommon as their whole cellular buyer base on the finish of 2021 was 201.8 million subscribers, which means that if this information dump is professional, it is just a partial dump.
At this level, it is a thriller the place the information got here from. Nonetheless, no matter the place it originated, all indicators level to this being information of AT&T prospects.
Due to this fact, if you happen to had been an AT&T buyer earlier than and thru 2021, it’s safer to imagine that your information was uncovered and can be utilized in focused assaults, together with SMS and e-mail phishing and SIM swapping assaults.
Should you obtain any SMS texts or phishing emails claiming to be from AT&T, be very cautious about offering any info. As a substitute, contact AT&T instantly to verify that they tried to contact you.
It is a growing story.