Home Cyber Crime AT&T denies data breach after hacker auctions 70 million user database

AT&T denies data breach after hacker auctions 70 million user database


AT&T office

AT&T says that they didn’t endure a knowledge breach after a well known menace actor claimed to be promoting a database containing the alleged private data of 70 million clients. 

The menace actor, referred to as ShinyHunters, started promoting this database yesterday on a hacking discussion board with a beginning value of $200,000 and incremental affords of $30,000. The hacker states that they’re prepared to promote it instantly for $1 million.

Threat actor selling AT&T database on a hacking forum
Menace actor promoting AT&T database on a hacking discussion board

From the samples shared by the menace actor, the database accommodates clients’ names, addresses, cellphone numbers, Social Safety numbers, and date of delivery.

A safety researcher who needs to stay nameless instructed BleepingComputer that two of the 4 folks within the samples had been confirmed to have accounts on att.com.

Apart from these few particulars, not a lot is understood in regards to the database, the way it was acquired, and whether or not it’s genuine.

Nonetheless, ShinyHunters is a well known menace actor with a protracted historical past of compromising web sites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then promote on to different menace actors or make the most of a middle-man information breach vendor.

In lots of instances, when a database is just not bought, ShinyHunters will launch it at no cost on hacker boards.

Previously, ShinyHunters has breached quite a few firms, together with WattpadTokopedia, Microsoft’s GitHub accountBigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.comMathway, and many more.

AT&T denies struggling a breach

After studying of the menace actor’s claims, BleepingComputer reached out to AT&T to see if the information belonged to them.

In a number of emails, AT&T has instructed BleepingComputer that the information is just not from their programs and has not not too long ago been breached.

“Primarily based on our investigation right this moment, the data that appeared in an web chat room doesn’t seem to have come from our programs.” – AT&T.

When requested whether or not the information might have come from a third-party associate, AT&T selected to not speculate.

“Given this data didn’t come from us, we won’t speculate on the place it got here from or whether or not it’s legitimate,” AT&T instructed us in a follow-up e-mail.

ShinyHunters has instructed BleepingComputer that they don’t seem to be stunned that AT&T denies the breach and continues to state that it comes from them.

“I do not care if they do not admit. I am simply promoting,” ShinyHunters instructed BleepingComputer.

Whereas ShinyHunters states that they didn’t contact AT&T, they stated they’re prepared to “negotiate” with the corporate.

After we requested the menace actor for additional details about the breach, ShinyHunters refused to offer some other particulars.

This information comes quickly after a unique menace actor tried to sell the stolen data of 100 million T-Mobile customers.

T-Cell newest confirmed they had been hacked, and the cyberattack uncovered the personal data of 48 million T-Mobile customers.

Source link