AT&T Denies Data Breach

Written by

Telecommunications company AT&T has trashed claims that the personal data of 70 million of its customers has been stolen by the threat actor ShinyHunters.

The cyber-thief, whose previous exploits have affected Microsoft, Dave, Tokopedia, Pixlr, Mashable, and Havenly among others, posted news of the data theft on an underground hacking forum earlier this month. 

On the forum, ShinyHunters shared a small sample of the data they claim to have swiped from AT&T. The threat actor also offered to sell the whole database for the price of $1m. 

Researchers at RestorePrivacy analyzed the sample of data shared by the threat actor. 

"We examined the sample, and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits," wrote researchers in a blog post. 

They added: "While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid."

Researchers believe that ShinyHunters has accessed customer data including names, phone numbers, physical addresses, email addresses, Social Security numbers, and birth dates. 

The hacker told RestorePrivacy that all the allegedly stolen data related to AT&T customers located in the United States. While they would not reveal how they obtained the data, ShinyHunters did say that they had accessed three encrypted strings of data that included dates of birth and Social Security numbers. 

In an update to a blog post published August 19, the researchers said that AT&T had denied the breach.

An AT&T corporate communications officer told RestorePrivacy: "Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems."

Researchers described the company's response as "interesting" and noted that "the claim that this was posted in an 'internet chat room' is simply not correct. It was posted in a well-known hacking forum by a user with a history of large (and verified) exploits." 

The communication company's comment came as no shock to ShinyHunters. 

The threat actor told researchers: "It doesn’t surprise me. I think they will keep denying until I leak everything."

What’s hot on Infosecurity Magazine?