There has been a claimed AT&T hack of personal data from 70 million customers, less than a week after a confirmed hack of tens of millions of T-Mobile customer records. In both cases, the data includes social security numbers.
Update: The carrier denied in stronger terms that it was hacked.
Restore Privacy broke the news.
- Name
- Phone number
- Physical address
- Email address
- Social security number
- Date of birth
Even more worryingly, the hacker is working on decrypting data that he believes comprises user accounts’ PINs.
A well-known threat actor is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, dates of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report.
In the original post that we discovered on a hacker forum, the user posted a small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits.
While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid. Here is the data that is available in this leak:
The site’s Sven Taylor tells me that the sample records he reviewed are too few to say for certain that the source was AT&T, but the hacker concerned has been proven correct about “many major leaks and breaches,” making him a credible source.
AT&T has issued a single-sentence statement that falls well short of a categorical denial:
Update the Carrier included a more complete rebuttal:
Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.
The hacker has said he is willing to reach “an agreement” with AT&T to remove the data from sale.
“Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems.”
So there was no breach of AT&T?
Based on our investigation, no, we don’t believe this was a breach of AT&T systems.
Is this AT&T customer data? Where did it come from?
Given this information did not come from us, we can’t speculate on where it came from or whether it is valid.