An alleged AT&T data leak has reportedly been denied by the telecommunications giant, claiming that the data from roughly 70 million people recently posted for free on a hacking forum did not originate from their systems.
The hacker, who goes by the screen name 'MajorNelson,' posted the data for free on a hacking forum, claiming it came from a 2021 data breach by the hacking group ShinyHunters against an unnamed AT&T division.
(Photo: PAU BARRENA/AFP via Getty Images) A visitor walks past US multinational telecommunications AT&T logo at the Mobile World Congress (MWC), the telecom industry's biggest annual gathering, in Barcelona on February 27, 2023.
The exposed data reportedly contains 73,481,539 records. It includes names, addresses, phone numbers, encrypted social security numbers, birth dates, and other internal data.
AT&T insists this material did not come from them, and there appears to be no evidence of a breach in their systems.
When questioned whether the data may have originated from a third-party vendor or service provider, AT&T has not yet replied.
The source of the data is currently unknown. No evidence suggests whether this data is from an AT&T "division" or a third party compromised it. Nevertheless, all indications indicate that this is AT&T user data, regardless of where it originated.
Read Also: Roku Suffers Data Breach, Hackers Sell Credentials of Hundreds of 15,000 Stolen Accounts
AT&T Customers' Data at Risk
According to BleepingComputer, many of the disclosed data sets appear to have originated from AT&T customers who have online accounts.
The report also verified that some data, such as phone numbers, residences, dates of birth, and social security numbers, are accurate.
However, the accuracy of all 73 million lines has yet to be verified.
Moreover, several cybersecurity experts have verified that some of the data is legitimate, including VX-Underground and Dark Web Informer.
In addition, BleepingComputer could not locate information about individuals known to be AT&T customers in 2021 and prior years.
This, however, would not be out of the ordinary given that, if this data leak is authentic, it is only a partial dump, with 201.8 million mobile customers as of the end of 2021.
AT&T 2021 Data Breach
'MajorNelson' claims that the leaked data came from the hacking group ShinyHunters, which claimed to possess about 70 million AT&T customers' confidential information in August 2021.
AT&T also refuted any claims that the data had been taken from its servers at the time.
The group informed RestorePrivacy that they were willing to assist AT&T in safeguarding its systems in exchange for a payout, notwithstanding the threat actors' claims that the data belonged to US users of the telecom company.
Popular hacker group ShinyHunters is well-known for selling data taken from tens of significant companies, including Microsoft, Minted, Chatbooks.com, Homechef, Tokopedia, and Homechef.
According to the RestorePrivacy website, which examined a genuine sample, the group requested $1 million for the whole database in August 2021 or $200,000 for access.
Related Article: [UPDATE] AT&T Confirms Outage Wasn't a Cyberattack Aftermath
(Photo: Tech Times)
