Malware
AT&T Denies Responsibility for Massive Data Breach Affecting 70 Million People: Is Your Information Safe?
AT&T has denied responsibility for a data leak that exposed personal information of 70 million people, claiming the data is not from its systems. Researchers warn that the leaked data, which includes names, addresses, and social security numbers, could be used for identity theft and other malicious activities.
Has your personal information been exposed? A hacker recently leaked a massive trove of data impacting 71 million people on a cybercrime forum, claiming it was stolen in a 2021 breach of AT&T. Although we cannot confirm the legitimacy of all the data in the database, we have verified that some entries are accurate, including those whose data is not publicly accessible for scraping.
The data was allegedly stolen in 2021 by a threat actor known as ShinyHunters, who attempted to sell it on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million. AT&T, however, maintains that the data did not originate from their systems and that they were not breached.
Where did the data come from?
Recently, another threat actor known as MajorNelson leaked the data from the alleged 2021 data breach for free on a hacking forum, claiming it was the same data ShinyHunters tried to sell in 2021. This data includes names, addresses, mobile phone numbers, encrypted dates of birth, encrypted social security numbers, and other internal information.
Shockingly, the threat actors have decrypted the birth dates and social security numbers and added them to another file in the leak, making those also accessible. While we cannot confirm that all 73 million lines are accurate, we have verified that some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers.
What does this mean for AT&T customers?
At this point, it’s a mystery where the data came from. Still, if you were an AT&T customer before and through 2021, it’s safer to assume that your data was exposed and can be used in targeted attacks, including SMS and email phishing and SIM swapping attacks.
If you receive any SMS texts or phishing emails claiming to be from AT&T, be very careful about providing any information. Instead, contact AT&T directly to confirm that they attempted to contact you.
Stay informed and stay safe
As your trusted IT Services provider, we want to keep you informed and help protect your personal information. Our team is continuously monitoring the situation and will provide updates as new information becomes available.
We encourage you to reach out to us if you have any questions or concerns about this developing story. By staying informed and vigilant, we can work together to stay one step ahead of cybercriminals and keep our data secure.