AT&T is reported to have suffered a massive data breach, resulting in hackers gaining access to the personal data of over 86 million customers. With nearly 100 million customers in the US, the telecom provider’s data breach has seen the personal information of most of its customers uploaded to the dark web. According to a report from Hack Read, the leaked details include full names, dates of birth, phone numbers, email addresses, and physical addresses of AT&T customers. The report claims that more than 44 million Social Security Numbers were also part of the data leak. When combined, these data sets pose significant privacy risks and could help in the creation of complete identity profiles for defraud or identity theft, the report adds. The stolen data is reportedly fully decrypted and was initially posted on a Russian cybercrime forum last month, then re-uploaded to the same forum earlier this month. Hackers reportedly gained access to the data through accounts lacking multi-factor authentication. The report also connects the latest leak to an original hack attributed to the ShinyHunters group in April 2024.
AT&T’s Response to the Latest Data Breach
In a statement to Hack Read, an AT&T spokesperson said: “It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.” As per the report, the original seller of the exposed data claimed the leak is “originally one of the databases from the Snowflake breach.” However, HackRead’s analysis found this breach contains about 16 million more records than the earlier one.
AT&T also acknowledged that security researchers had questioned any connection between this breach and the original 2024 incident.
“After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development,” the company further noted.
Users who want to check if their data was involved can use a tool from cybersecurity firm Pentester by visiting npd.pentester.com, where entering their details will show a list of breached accounts.
Security experts have also recommended that customers regularly monitor their credit reports.
Source Link
