ShinyHunters, the threat actor infamous for stealing and selling off user data, claims to have user data including personal information of 70 million AT&T subscribers. The hacker wants $1 million for the data and has shared samples to prove the legitimacy. Without confirming the authenticity of the data, AT&T denies their systems were breached.
A week after T-Mobile was breached by unknown threat actors, RestorePrivacy discovered data records of tens of millions of AT&T customers are on sale. The hacker, going by the name ShinyHunters, claims to have data of 70 million customers of the largest telecom carrier in the United States.
RestorePrivacy said the hacker is currently in touch exclusively with them. ShinyHunters advertised the sale on RaidForums, a dark web marketplace popular for illicit monetization of data. The data includes customer names, social security numbers, dates of births, physical and email addresses, phone numbers, and maybe more.
ShinyHunters Ad for AT&T Customer Data | Source: RestorePrivacyOpens a new window
RestorePrivacy said they confirmed the legitimacy of data. “In the original post that we discovered on a hacker forum, the user posted a relatively small sample of the data. We examined the sample and it appears to be authentic based on available public records,†the company said.
See Also: ShinyHunters Leak 2.28M Dating Site Users’ Personal Info Online
Data Sample on Sale by ShinyHunters
What they could not confirm is whether or not the data actually belongs to AT&T customers. The company was also unable to trace the data back to the breach of AT&T systems/servers.
AT&T in conversation with GizmodoOpens a new window denied the claims. The telecom major said, “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.â€
Upon further grilling by BleepingComputerOpens a new window , AT&T refused to comment on the validity of the data. “Given this information did not come from us, we can’t speculate on where it came from or whether it is valid.â€
AT&T’s denial prompted the hacker to tell RestorePrivacy: “they will keep denying until I leak everything.â€
The data is up for grabs for $1 million as a whole, or for $200,000 for access. ShinyHunters is also willing to negotiate with AT&T for safe return of the data. What the price will be for AT&T remains unknown as of now.
Closing Thoughts
This is a classic ShinyHunters course of action. Obtain data from somewhere and put it up for sale on the dark web with financial gains as the sole intention. The malicious group has previously targeted MeetMindful (2.28 million users), JusPay (100 million usersOpens a new window ), BigBasket (20 million userOpens a new window s), BuyUCoin (325,000 usersOpens a new window ), Pixlr (1.9 million users), WishBone (40 million usersOpens a new window ), Dave (7.5 million usersOpens a new window ), Microsoft (500 GB code repositoriesOpens a new window ) and many, many more.
It is unlikely that ShinyHunters indeed has data of 70 million AT&T customers. Going by the T-Mobile incident — wherein the actual data found to have been breached was just over half of the total 100 million users as initially claimed — the actual data by SHinyHunters is possibly lesser.
Presently, AT&T is denying the claims. It remains to be seen if the company remains in denial mode when more information comes to light.
Let us know if you enjoyed reading this story on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!