Threat actors leaked 70M+ records allegedly stolen from AT&T

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

Pierluigi Paganini
March 17, 2024

Researchers at vx-underground first noticed that more than 70,000,000 records from AT&T were leaked on the Breached hacking forum.

More than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached, vx-underground researchers reported.

The researchers confirmed that the leaked data is legitimate, however, it is still unclear if the information was stolen from a third-party organization linked to AT&T.

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unamed AT&T division by @ShinyHunters in 2021. The archive contains 73.481.539 records.

“It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. It was leaked online today.” said vx-underground.

In August 2021, the ShinyHunters group claimed to have a database containing private information on roughly 70 million AT&T customers, but the company denied that they had been stolen from its systems.

ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, and Minted.

In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic.

“While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid.” reads the RestorePrivacy website. “Here is the data that is available in this leak:

• Name
• Phone number
• Physical address
• Email address
• Social security number
• Date of birth”

The threat actors claimed that data belonged to AT&T customers in the United States, the group told RestorePrivacy that they were available to support AT&T in securing its systems for a reward.

AT&T denied any data breach, below is the statement from the telecomunication giant:

“Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts