AT&T denies leaked data of 70 million people is from its systems

A hacker is selling a database, claiming it was stolen from AT&T years ago

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A hacker is selling a huge archive on the dark web, claiming it originated from a 2021 data breach at American telecommunications giant AT&T - however the company denies the data originated from its servers.

BleepingComputerreported a threat actor with the alias ShinyHunters posted an ad on the RaidForums for the sale of sensitive data belonging to 71 million AT&T customers.

The database contains people’s names, addresses, mobile phone numbers, birth dates, social security numbers, and other sensitive information. The publication analyzed a sample of the data and confirmed its authenticity. Whether or not the entire database is legitimate, is impossible to determine at this time.

History of breaches

ShinyHunters’s starting price is $200,000, with incremental offers of $30,000. They would sell the database immediately for an offer of $1 million, it was said.

However, when approached by the publication, AT&T said the data wasn’t theirs: “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems,” AT&T toldBleepingComputerin 2021. ShinyHunters, on the other hand, responded that they “don’t care if they don’t admit”.

AT&T has a history ofmalwareand data breaches. Roughly a year ago, the company warned millions of its users that some of their sensitive data was exposed in a supply chain cyberattack. Apparently, a marketing vendor was breached a few months earlier, resulting in the theft of AT&T’s data.

In that incident, nine million of its customers were affected, with hackers stealing customer proprietary network information from some wireless accounts. That includes, among other things, the number of lines on an account or wireless rate plan.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Earlier still, in July 2020, news broke that AT&T some employees took bribes to install malware on their network. Two individuals, who were later uncovered to be Muhammad Fahd and Ghulam Jiwani, were charged with paying over $1 million in bribes to several AT&T employees at the telecom’s Mobility Customer Care call center in Washington.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing