Last week, ShinyHunters posted a promotion for “AT&T Database + 70M (SSN/DOB)” on the popular darknet market RaidForums. The threat actor set bids at a starting price of $200,000 and increments of $30,000. In addition to this, there is a flash sale where customers can purchase the entire database for $1 million.
"When we arehackerIn the original post found on the forum, the user posted a relatively small sample of the data. We checked the sample and based on available public records, it appears to be authentic," said Sven Taylor of RestorePrivacy, who first reported the data breach.
ShinyHunters shared a sample subset of the stolen data, names, contact numbers, physical addresses, Social Security numbers (SSN) and dates of birth. An anonymoussecurity expertBleepingComputer was told that two of the four people in the sample were users in AT&T's database. Hackers also worked to decrypt data they believed contained customer account PINs.
"Based on our investigation today, the messages appearing in Internet chat rooms do not appear to originate from our systems," AT&T responded to ShinyHunters' claims.
In a follow-up email to BleepingComputer, the telecoms provider hedged on whether the data might have been stolen from a third party: "Given that this information was not provided by us, we cannot speculate on where it came from or whether it is valid," the company said.
In the past, ShinyHunters has targeted customers including Microsoft, Mashable, Tokopedia, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many other small and medium-sized platforms. Its modus operandi is to steal credentials, API keys, or purchase large amounts of data, then dump and sell them on underground platforms.
Earlier this month, another telecoms provider, T-Mobile, suffered a data breach that exposed the private details of tens of millions of its customers. To address this issue, T-Mobile is promising free identity protection services to its users.
Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/att-user-personal-information-sold.html
