AT&T says massive breach of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in 2021 breach of the company.
The data is from an alleged 2021 AT&T data breach that a threat actor famous as ShinyHunters tried to sell on the Radio Forums data theft forum for starting price of $200,000 and incremental offers of $30,000.
The hackers stated they would sell it for $1 million.
AT&T told the media the data did not originate from them and systems were not breached.
They still see no evidence of a breach in their systems and still believe that this data did not originate from them.
AT&T does not respond that it was possible the data come from 3rd party service provider or vendor but has not get a reply at this time.
Alleged AT&T data leaked two years later
Another threat actor famous as Major Nelson leaked data from this alleged 2021 data breach fro free on a hacking forum claiming it was the data ShinyHunters tried to sell in 2021.
This data includes name, mobile phone numbers encrypted, date of birth, encrypted social security number and other internal data.
The threat actors have decrypted the birth dates and social security numbers and added them to another file in the leak making those accessible.
We cannot confirm that all 73 million lines are accurate we verified some data contains correct information, addresses, date of birth, phone numbers and social security numbers.
Cybersecurity researchers Dark Web Informer and VX Underground have confirmed some of data to be accurate.
If you were an AT&T customer before and through 2021 it is assume that your data was exposed and can be used in targeted attacks including email phishing and SMS and SIM swapping attacks.
If you get any SMS texts or phishing emails claiming to be from AT&T be very careful about providing any data.
It could not find data for known to be AT&T customers in 2021 and earlier. This would not be uncommon as total mobile consumer base at end of 2021 was 201.8 million subscribers meaning that this data dump is legitimate it is a partial dump.