Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
AT&T Privacy

Hacker Selling Private Data Allegedly From 70 Million AT&T Customers (restoreprivacy.com) 12

An anonymous reader quotes a report from Restore Privacy: A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report. The threat actor goes by the name of ShinyHunters and was also behind other previous exploits that affected Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more. The hacker posted the leak on an underground hacking forum earlier today, along with a sample of the data that we analyzed. AT&T has initially denied the breach in a statement to RestorePrivacy. The hacker has responded by saying, "they will keep denying until I leak everything." "Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems," AT&T said in a statement. When pressed harder and asked specifically if there was no AT&T breach, the company said: "Based on our investigation, no, we don't believe this was a breach of AT&T systems."

"Given this information did not come from us, we can't speculate on where it came from or whether it is valid," they added. The hacker says they're willing to reach "an agreement" with AT&T to remove the data from sale.

The possible breach of AT&T follows a T-Mobile hack from earlier this week, which impacts 40 million records of former and prospective customers.
This discussion has been archived. No new comments can be posted.

Hacker Selling Private Data Allegedly From 70 Million AT&T Customers

Comments Filter:
  • all the info they have on you is in the hands of criminals. Welcome to the Big Tech modern world.
    • There's been so many leaks is there any information left to leak?

      • There's been so many leaks is there any information left to leak?

        Depends, do you have enough "Free Credit Monitoring" for the rest of your life yet? /s

      • There's been so many leaks is there any information left to leak?

        Leaks are good. The more the better.

        Eventually, people will understand that information such as SSNs and CC#s can't be both widely known and secret.

  • No, this is a completely different leak, we didn't just change the file name and leak it again!
    • by Kisai ( 213879 )

      Nah, Anyone who has worked for AT&T, regardless as an employee or as a third-party store, or an outsourced customer support rep, has access to your SSN, name, location, phone number, and payments.

      90% chance it came from the former AT&T Wireless 2G system or Cingular's 2G system. 10% chance it came from the receivables (in house collections) department, as they have access to all that information. The reason I say this is because the 2G system had the SSN in the clear, and anyone who activated an acc

      • by timholman ( 71886 ) on Friday August 20, 2021 @07:37PM (#61713413)

        Like AT&T can say "it wasn't us" but they themselves have no idea what it's from in all likeliness.

        Anyone who has ever had an AT&T account and has tried to navigate their web portal or contact customer service will soon realize that the right hand has absolutely no idea what the left hand is doing at AT&T.

        I do not doubt that this hack is legitimate, nor am I surprised that AT&T is denying it. For them it is not malice, it is sheer ignorance. One half of the company is literally clueless about the other half.

        As an AT&T Gigafiber customer, I can only say that I'm very happy that I froze my credit with the credit bureaus long ago.

  • This person is claiming to have done the crime, and apparently is known for having done other crimes too. This person is the attacker, the perpetrator, the public enemy, selling our PII for pennies... I don't know, seeing the term threat actor when it's an actual event, and not an abstract model, seems out of place.

  • Well I don't know about other AT&T customers, but I am certainly looking forward to my $10 inconvenience discount for this data breach.

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...