Just days after telecommunications provider T-Mobile had millions of its customers affected by a data breach, another telco provider, AT&T, reportedly falls victim to a cyberattack by a notorious hacking group, with 70 million user records compromised and being sold. AT&T has since denied the allegations.
RestorePrivacy was the first site to report the incident in a blog post dated last Thursday, August 19, 2021. According to Sven Taylor of RestorePrivacy, the renowned hacking group, going by the name ShinyHunters, is selling the data for $1 million. Meanwhile, the hacking group is amenable to selling parts of the database for $30,000 per piece, reveals Gizmodo.
Meanwhile, RestorePrivacy states that those who simply want access to be given to others can avail of the personal details for $200,000.
According to the hackers, they have obtained the personal details of AT&T customers. These include the names of customers, their phone numbers, addresses, Social Security numbers, and dates of birth. It is possible that a third encrypted string of data also includes the users’ pin, claimed the hacker.
RestorePrivacy reached out to the hacking group which confirmed that all of the information came from the United States branch of AT&T, impacting only customers from the country. However, ShinyHunters reportedly declined to disclose how they were able to obtain the said customer details.
Taylor of RestorePrivacy reports that they have “examined the sample and it appears to be authentic based on available public records.” The sample Taylor was referring to was the small part of the database posted on the hacker forum.
Despite these claims, AT&T has issued a statement denying the data breach. In a statement, it said that “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.”
A follow-up email and statement was also sent to Bleeping Computer saying, “Given this information did not come from us, we can’t speculate on where it came from or whether it is valid.” Gizmodo said that this statement seemed to evade responsibility for the said issue.
In response to this statement by AT&T, ShinyHunters said, “It doesn’t surprise me. I think they will keep denying until I leak everything.”
Prior to the hacking group’s cyberattack on AT&T, ShinyHunters have previously launched campaigns against other tech firms and companies, including the likes of Microsoft, Mashable, Tokopedia, Couchsurfing.com, BigBasket, Wishbone app, and many others.