AT&T Data Breach Reveals 73 Million Users' Info on Hacker Forum

AT&T confirms 73 million users' data leaked; possible repeat breach, extensive personal information exposed.

 


Telecommunications company AT&T Inc. has confirmed that data recently found on the dark web, relating to 73 million of its past and present customers, may have come from 2019 or earlier. The data, which includes Social Security numbers and dates of birth, was originally offered for sale on the now-defunct Raid Forums hacking forum in 2021 and was rumoured to have been for sale ever since.

Earlier this month, the same data resurfaced online, posted by a seller. The information may have included AT&T account numbers, full names, email addresses, mailing addresses, telephone numbers, Social Security numbers, dates of birth, and passcodes. AT&T said that, aside from passcodes and Social Security numbers, the hacked data may have included email addresses, mailing addresses, phone numbers, and birth dates.

The breach was reported on a hacker forum nearly two weeks ago. It is unknown whether the leak is related to a similar breach in 2021 that was widely reported but that AT&T did not acknowledge. Before the leak, the telecom giant denied that the data in question came from its systems, and disputed whether it contained accurate customer data.

As of now, the “recycled” data includes 49 million email addresses and 44 million Social Security numbers, which were acquired from a third party. This is a repeat leak of customer data from the alleged 2021 hack that AT&T has consistently denied took place, and it was published on the popular hacker marketplace BreachForums on March 17th. 

When Recorded Future News asked about the dark web posting two weeks ago, a representative stated that the company had "no indication" at the time that AT&T's systems had been compromised. The spokesperson indicated that the data set was similar to one offered for sale in 2021 by the hacker group ShinyHunters, which covered 73 million AT&T customers.

The attack was reported to have occurred in 2021, when a threat actor called ShinyHunters was allegedly selling the stolen data of 73 million AT&T customers, including names, addresses, telephone numbers, Social Security numbers, and birth dates for many customers. AT&T denied at the time that it had suffered a breach or that the data was its own.

Another threat actor has now leaked a massive dataset on a hacking forum, claiming that it is the same data that ShinyHunters claimed to have stolen. The leak revealed the same sensitive information, but not all customers' Social Security numbers or birth dates were exposed. According to security researchers, ShinyHunters is a notorious hacker gang that is known for its high-profile data breaches, including that of 40 million T-Mobile users, just weeks before the AT&T claim, identified in 2020.

Security researchers found that the gang was trying to sell user data stolen from both carriers on the dark markets within days of each other. ShinyHunters have been rumoured to have taken over the administrative duties at BreachForums since the FBI raided the site last March.

AT&T has denied a breach and denied that the data was its own, and it is still refusing to admit that such a breach occurred. However, some AT&T and DirectTV customers have used Gmail's or Yahoo's disposable email feature to create DirectTV- or AT&T-specific email addresses that they use only when signing up for the service. It was confirmed that these email addresses had not been used on any other platform, suggesting that the data must have come from AT&T or DirectTV.

According to AT&T's statement and a new page devoted to keeping AT&T accounts secure, more information about the breach will be shared with the public in a published statement. Many reports that analyzed the data have determined that it contains the same sensitive information that ShinyHunters claims to have stolen. AT&T denied, once again, that the breach occurred and that the data had originated from it. Not all customers, however, have had their Social Security numbers or birth dates exposed.

BleepingComputer has interviewed more than 50 AT&T and DirectTV customers since the data was leaked. According to those interviews, the leaked data contains only AT&T account information, used for AT&T accounts only. According to cybersecurity expert Troy Hunt, if affected customers are not notified promptly, there is a possibility of class action lawsuits resulting from the breach.

AT&T's wireless 5G network reaches approximately 290 million people in the United States, putting it among the country's largest providers of mobile and internet services. This is hardly the first time AT&T has come under scrutiny over security lapses. At the end of last year, the company faced a widespread outage, attributed to a coding error, that caused its mobile phone service to go down.

The incident has been attributed to vulnerabilities within AT&T's infrastructure, though AT&T has claimed that there was not a malicious attack behind it. It was first revealed in 2019 that AT&T employees had been bribed to set up an unauthorized WLAN (wireless access point) inside the infrastructure of the company by the company's executives.