AT&T says a vast trove of data affecting 71 million people did not come from its systems, after hackers leaked the data on a cybercrime forum and claimed it was stolen in a 2021 breach of the company.
Although BleepingComputer could not confirm the validity of all data in the database, we did confirm the accuracy of some entries, including some whose data is not publicly accessible for scraping.
This data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker said he would sell it immediately for $1 million.
Source: BleepingComputer
AT&T told BleepingComputer at the time that the data did not come from it and its systems were not compromised.
AT&T told BleepingComputer in 2021, “Based on today’s investigation, it appears that the information displayed in the Internet chat room did not originate from our systems.”
When I told ShinyHunters that AT&T said the data didn’t come from them, they responded, “I don’t care if they don’t admit it. I’m just selling.”
AT&T continues to tell BleepingComputer that it has yet to see any evidence of a compromise on its systems and that it still believes this data does not come from it.
BleepingComputer asked AT&T whether the data may have come from a third-party service provider or vendor, but has not received a response at this time.
AT&T data allegedly leaked two years later
Today, another threat actor known as MajorNelson leaked data from this alleged 2021 data breach for free on a hacking forum, claiming that it is the data ShinyHunters was trying to sell in 2021.
This data includes names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal information.
However, the attackers decrypted the dates of birth and social security numbers and added them to another file in the leak, making those accessible as well.
BleepingComputer reviewed the data, and while we cannot confirm that all 73 million rows are accurate, we verified that some contain correct information, such as social security numbers, addresses, dates of birth, and phone numbers.
In addition, other cybersecurity researchers, including the dark web informant who first told BleepingComputer about the leaked data, and VX-Underground, have also confirmed that some of the data is accurate.
At the same time, BleepingComputer was unable to find data on some people known to have been AT&T customers before 2021. However, this is not unusual, since the total mobile customer base at the end of 2021 was 201.8 million subscribers. This means that even if this data dump is legitimate, it is only a partial dump.
At this point, where the data came from is a mystery. Still, if you were an AT&T customer before or during 2021, it is safer to assume that your data may have been compromised and could be used in targeted attacks such as SMS and email phishing and SIM swapping.
If you receive an SMS text or email claiming to be from AT&T, use extreme caution before providing any information. Instead, contact AT&T directly to confirm whether AT&T has actually attempted to contact you.
This is a developing story.