Threat Actor: ShinyHunters
Victim: AT&T
Information:
🌟 AT&T confirmed a data breach that affected 73 million customers.
🌟 The data breach occurred in March 2024.
🌟 The leaked data was obtained by ShinyHunters in 2021.
🌟 ShinyHunters is a well-known hacking group that has targeted major organizations.
🌟 The group offered to sell the AT&T customer database for $1 million or $200,000 for access.
🌟 The leaked data includes personal information such as names, phone numbers, addresses, email addresses, social security numbers, and dates of birth.
🌟 ShinyHunters claimed that the data belonged to AT&T customers in the United States.
🌟 AT&T initially denied the data breach but later confirmed it.
🌟 AT&T believes that the leaked data is from 2019 or earlier.
🌟 The company is conducting an investigation with cybersecurity experts.
🌟 AT&T does not have evidence of unauthorized access to its systems resulting in the exfiltration of the data set.
————————————————–
In March 2024, more than 70,000,000 records from an unspecified division of AT&T were leaked onto the Breached forum, vx-underground researchers reported.
The researchers confirmed that the leaked data is legitimate; however, it is still unclear whether the information was stolen from a third-party organization linked to AT&T.
The seller, who goes by the online moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ShinyHunters in 2021. The archive contains 73,481,539 records.
“It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. It was leaked online today.” said vx-underground.
In August 2021, the ShinyHunters group claimed to have a database containing private information on roughly 70 million AT&T customers, but the company denied that the data had been stolen from its systems.
ShinyHunters is a popular hacking crew that is known to have offered for sale data stolen from tens of major organizations, including Tokopedia, Homechef, Chatbooks.com, Microsoft, and Minted.
In August 2021, the group asked for $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website, which examined a sample that appeared authentic.
“While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid.” reads the RestorePrivacy website. “Here is the data that is available in this leak:
- Name
- Phone number
- Physical address
- Email address
- Social security number
- Date of birth”
The threat actors claimed that the data belonged to AT&T customers in the United States. The group told RestorePrivacy that it was available to support AT&T in securing its systems for a reward.
AT&T initially denied any data breach. Below is the statement from the telecommunications giant:
“Based on our investigation Thursday, the information that appeared in an internet chat room does not appear to have come from our systems,”
On Saturday, the telecommunications company retracted its initial denial and confirmed the data breach. The data was “released on the dark web approximately two weeks ago,” said the company.
“It is not yet known whether the data … originated from AT&T or one of its vendors,” the company added. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
The company pointed out that it is not aware of any compromise of its infrastructure.
“We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum.” AT&T told CNN.
The company believes that the leaked data is from 2019 or earlier.
“AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.” reads a statement published by the telecommunication giant. “Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)