AT&T confirms data for 73 million customers leaked on hacker forum

[JohnS]

News of a privacy breach against the United States' largest telecommunication company, AT&T this week continues are worrying trend of hacks against big companies in Western Countries. If you are an AT&T customer no doubt you are mad, and you should be. These sort of things just shouldn't happen. Has your country had a large company suffer a date/privacy breach in recent times?

AT&T confirms data for 73 million customers leaked on hacker forum

By Lawrence Abrams

AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them.

This comes after AT&T has repeatedly denied for the past two weeks that a massive trove of leaked customer data originated from them and or that their systems had been breached.

While the company continues to say there is no indication their systems were breached, it has now confirmed that the leaked data belongs to 73 million current and former customers.

"Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders," AT&T said in a statement shared with BleepingComputer.

The company further says that the security passcodes used to secure accounts were also leaked for 7.6 million customers. 

In 2021, a threat actor known as Shiny Hunters claimed to be selling the stolen data of 73 million AT&T customers. This data includes names, addresses, phone numbers, and, for many customers, social security numbers and birth dates.

At the time, AT&T denied that they suffered a breach or that the data originated from them.

Fast forward to 2024, and another threat actor leaked the massive dataset on a hacking forum, stating it was the same data stolen by Shiny Hunters.

BleepingComputer analyzed the data and determined that it contained the same sensitive information that ShinyHunters claimed was stolen. However, not every customer had their social security number or birth date exposed by the incident.

Post on hacking forum leaking alleged AT&T data from 2021 breach Source: BleepingComputer

AT&T once again denied that they suffered a breach or that the data originated from them.

However, BleepingComputer has spoken to over 50 AT&T and DirectTV customers since the data was leaked, and they told us that the leaked data contains information that was only used for their AT&T accounts.

These customers stated that they used the disposable email feature of Gmail and Yahoo to create DirectTV or AT&T-specific email addresses that were only used when they signed up for their service.

These email addresses were confirmed not to be used on any other platform, indicating that the data had to have originated from DirectTV or AT&T.

Troy Hunt also confirmed similar information from customers after the data was added to the Have I Been Pwned data breach notification service.

However, after contacting AT&T numerous times with this information, the company has not responded to further emails until today.

DirectTV ultimately told BleepingComputer that we would need to contact AT&T with further questions as the data predates their spinoff, and they no longer have access to AT&T systems to confirm.

Today, AT&T told BleepingComputer that they would only share further information about the breach in their published statement and a new page on keeping AT&T accounts secure.

The page on keeping accounts secure further discloses that the passcodes for 7.6 million AT&T customers were compromised as part of the breach and have been reset by the company.

Customers use passcodes to further secure their AT&T accounts by requiring them to receive customer support, manage accounts at retail stores, or sign into their online accounts.

"It has come to our attention that a number of AT&T passcodes have been compromised," reads the new AT&T advisory.

"We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information."

TechCrunch first reported on the compromised passcodes after being contacted by a researcher who said the leaked data contained encrypted passcodes for millions of users.

AT&T further says that the data appears to be from 2019 and earlier and does not contain personal financial information or call history.

The company will notify all 73 million former and current customers about the breach and the next steps they should take.

AT&T customers can also use Have I Been Pwned to determine if their data was compromised in this breach.

Source: https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/

[NSXCIGAR]

I hate to break it to everyone but our data is everywhere. "Secure data" is a fantasy. 

I'm just looking forward to my class action settlement check. 

[JohnS]

19 minutes ago, NSXCIGAR said:

I hate to break it to everyone but our data is everywhere. "Secure data" is a fantasy. 

I'm just looking forward to my class action settlement check. 

I'll be following that outcome very closely. We've had two large breaches ourselves in the last few years in Australia. The first was against the second largest telecommunications company, Optus and the second one was against our largest Private Health Insurer, Medibank. I would love a class settlement lawsuit against these companies!

[ha_banos]

What we should be learning from these is what these companies were and were not doing about it security. It's a classic non functional requirement situation. I live off mainly non functional requirements, keeping things up, performant, secure etc. The people governing these organisations should be made to pay up.

[Chibearsv]

17 hours ago, NSXCIGAR said:

I hate to break it to everyone but our data is everywhere. "Secure data" is a fantasy. 

I'm just looking forward to my class action settlement check. 

I hope the $3 and free 2 year subscription to life lock isn’t life changing for you. 

Can’t we just surrender to the fact that all of our shit is out there. Dual authentication is at least a shot to prevent access. 

[Baccy]

My bank had a data leak🤬

[NSXCIGAR]

8 hours ago, Chibearsv said:

I hope the $3 and free 2 year subscription to life lock isn’t life changing for you. 

Hey, last time I got $19. That's a decent cigar!