AT&T Admits Catastrophic Data Breach: 73 Million Customers’ Information Exposed on Hacker Forum

AT&T has confirmed the leak of data for 73 million customers on a hacker forum. The exposed data includes Social Security numbers, birth dates, and account PINs, putting users at risk for identity theft and account takeover. Protect your personal information with strong passwords and monitor your accounts for suspicious activity.

It’s finally official: AT&T has confirmed that a data breach has affected 73 million of its current and former customers. For the past two weeks, the company had been denying that the leaked customer data came from their systems or that they had experienced a breach at all.

Although AT&T maintains that there’s no evidence of their systems being breached, they’ve now admitted that the leaked data does indeed belong to 73 million of their current and former customers. In a statement, they’ve explained that the data set seems to be from 2019 or earlier, affecting around 7.6 million current account holders and around 65.4 million former account holders.

A Blast from the Past: The 2021 ShinyHunters Claim

Back in 2021, a threat actor known as ShinyHunters claimed to be selling the stolen data of 73 million AT&T customers. This data included names, addresses, phone numbers, and, for many customers, Social Security numbers and birth dates. At the time, AT&T denied that they had suffered a breach or that the data had come from them.

Fast forward to 2024, and another threat actor leaked the massive dataset on a hacking forum, stating it was the same data stolen by ShinyHunters. We analyzed the data and determined that it contained the same sensitive information that ShinyHunters claimed was stolen. However, not every customer had their Social Security number or birth date exposed by the incident.

Connecting the Dots: Disposable Emails and AT&T Accounts

Since the data was leaked, we’ve spoken to over 50 AT&T and DIRECTV customers who told us that the leaked data contains information that was only used for their AT&T accounts. These customers stated that they used the disposable email feature of Gmail and Yahoo to create DIRECTV or AT&T-specific email addresses that were only used when they signed up for their service. These email addresses were confirmed not to be used on any other platform, indicating that the data had to have originated from DIRECTV or AT&T.

Troy Hunt also confirmed similar information from customers after the data was added to the Have I Been Pwned data breach notification service. However, after contacting AT&T numerous times with this information, the company did not respond to further emails until today.

Security Passcodes Compromised

AT&T has now disclosed that the security passcodes for 7.6 million customers were compromised as part of the breach and have been reset by the company. Customers use passcodes to further secure their AT&T accounts: a passcode is required to receive customer support, manage accounts at retail stores, or sign in to online accounts.

In a new advisory, AT&T explained, “It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information.”

What’s Next for AT&T Customers?

AT&T is now saying that the data appears to be from 2019 and earlier, and does not contain personal financial information or call history. The company will notify all 73 million former and current customers about the breach and the next steps they should take.

AT&T customers can also use Have I Been Pwned to determine if their data was compromised in this breach.

Don’t Be a Victim: Stay Informed and Protect Your Data

This AT&T data breach serves as a stark reminder of the importance of staying informed and taking steps to protect your personal information. Keep coming back to learn more about the latest developments in cybersecurity, and don’t hesitate to contact us for assistance in safeguarding your data.
