Pierluigi Paganini
March 31, 2024
In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto Breached forum, vx-underground researchers reported.
Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached. No information is available to indicate whether it is a 3rd party compromise, or which 'division' this data is from.
— vx-underground (@vxunderground) March 17, 2024
Regardless, upon review we can confirm the stolen data is legitimate.
The researchers confirmed that the leaked data is legitimate, however, it is still unclear if the information was stolen from a third-party organization linked to AT&T.
The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ShinyHunters in 2021. The archive contains 73.481.539 records.
“It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. It was leaked online today.” said vx-underground.
In August 2021, the ShinyHunters group claimed to have a database containing private information on roughly 70 million AT&T customers, but the company denied that they had been stolen from its systems.
ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, and Minted.
In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic.
“While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid.” reads the RestorePrivacy website. “Here is the data that is available in this leak:
The threat actors claimed that data belonged to AT&T customers in the United States, the group told RestorePrivacy that they were available to support AT&T in securing its systems for a reward.
AT&T initially denied any data breach, below is the statement from the telecomunication giant:
“Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,”
On Saturday, the telecommunications company retracted its initial denial and confirmed the data breach. The data was “released on the dark web approximately two weeks ago,” said the company.
“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company added. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
The company pointed out that it is not aware of any compromise of its infrastructure.
“We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.” AT&T told CNN.
The company believes that leaked data are from 2019 or earlier.
“AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.” reads a statement published by the telecommunication giant. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
