AT&T says massive breach didn't originate from its systems

AT&T may have suffered a massive data breach affecting over one-third of its customers. A threat actor leaked the personal information of over 73 million people allegedly stolen from the AT&T database. The carrier has denied the breach, saying the leaked data did not originate from its systems.

AT&T denies data breach affecting over 73 million users

The data breach in question happened in August 2021 or before. A well-known threat actor, ShinyHunters, offered to sell a database containing the personal information of over 70 million AT&T users. The hacker auctioned the database at a starting price of $200,000, though they were willing to sell it immediately for $1 million. The leaked information included names, addresses, phone numbers, Social Security numbers, and dates of birth.

Since ShinyHunters has a history of compromising major websites and databases to steal critical information—they have breached Microsoft’s GitHub account, BigBasket, Pixlr, Mathway, and many more platforms—it appeared to be a genuine claim. However, AT&T denied suffering a breach. The carrier said the information did not come from it and chose not to speculate on whether a third-party partner could have suffered the breach.

“I don’t care if they don’t admit [it]. I’m just selling,” ShinyHunters said in response, adding that they are open to negotiating with AT&T. While we haven’t heard much about the breach since then, the stolen data has just been leaked. Another threat actor, known as MajorNelson, shared the entire database for free on a hacking forum. They explicitly confirmed that it is the same database that ShinyHunters attempted to sell about three years ago.

According to MajorNelson, the leak contains personally identifiable information such as decrypted Social Security numbers and dates of birth for 73,481,539 AT&T lines. Multiple sources have verified the information to be correct. More importantly, they could associate the data with AT&T customers or people with online AT&T accounts. This doesn’t necessarily confirm a breach of AT&T’s database but certainly points in that direction.

AT&T still says the leaked information didn’t originate from its systems

AT&T had about 202 million customers at the end of 2021. So, this breach affects over 36% of its users. However, the company is adamant that it hasn’t suffered a data breach. It gave Bleeping Computer a statement similar to the one it used in 2021. The firm says it still sees “no evidence of a breach” in its systems. It believes that this data did not originate from its systems or databases.

While it is still a mystery where the data came from, the leak is legitimate. It contains the personal information of tens of millions of people, many of whom certainly have or had an AT&T account. Threat actors could use the leaked data for SIM-swapping attacks and other scams. Be wary when receiving calls from unknown numbers or responding to emails and text messages. Avoid clicking on suspicious links.