AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company.
While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping.
The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000.
AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached.
AT&T continues to tell BleepingComputer today that they still see no evidence of a breach in their systems and still believe that this data did not originate from them.
BleepingComputer asked AT&T if it was possible the data came from a third-party service provider or vendor but has not received a response at this time.
Today, another threat actor known as MajorNelson leaked data from this alleged 2021 data breach for free on a hacking forum, claiming it was the data ShinyHunters attempted to sell in 2021.
This data includes names, addresses, mobile phone numbers, encrypted date of birth, encrypted social security numbers, and other internal information.
BleepingComputer has reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers.
Other cybersecurity researchers, such as Dark Web Informer, who first told BleepingComputer about the leaked data, and VX-Underground have also confirmed some of the data to be accurate.
At the same time, BleepingComputer could not find data for people known to be AT&T customers in 2021 and earlier.
This would not be unusual as their total mobile customer base at the end of 2021 was 201.8 million subscribers, meaning that if this data dump is legitimate, it is only a partial dump.
At this point, it's a mystery where the data came from.
Still, if you are an AT&T customer before and through 2021, it is safer to assume that your data was exposed and can be used in targeted attacks, including SMS and email phishing and SIM swapping attacks.
If you receive any SMS texts or phishing emails claiming to be from AT&T, be very careful about providing any information.
Instead, contact AT&T directly to confirm that they attempted to contact you.
Nissan confirms ransomware attack exposed data of 100,000 people.
Acer confirms Philippines employee data leaked on hacking forum.
Insomniac Games alerts employees hit by ransomware data breach.
200,000 Facebook Marketplace user records leaked on hacking forum.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 17 Mar 2024 23:25:16 +0000