Personal data from some 70 million AT&T customer records has been stolen, although AT&T says the it isn’t really from their subscribers. Regardless of where it was taken, the data includes names, phone numbers, social security numbers, birth dates, and physical addresses.
The hacker, named ShinyHunters, is trying to sell the database for US$1 million and is also trying to crack user account PINs, according to Restore Privacy. Based on their research, the data appears to be legit, but they haven’t been able to confirm it came from AT&T.
Restore Privacy said,
A well-known threat actor is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, dates of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report.
The hacker responded to AT&T denial saying, “It doesn’t surprise me. I think they will keep denying until I leak everything.”
Of course, if the hacker really does “leak everything,” that will kill any chances of selling the database since all of the information will be out in the open.
News of the supposed AT&T data breach comes only days after T-Mobile suffered a data breach affecting over 100 million customers. Like the AT&T leak, customer social security numbers were in the harvested data.
Like so many data breaches that have already happened, the supposed AT&T hack underscores how vulnerable our personal information really is. Unfortunately, it’s likely the stolen data will be used for identity theft. The US Federal Trade Commission website has resources for identity theft victims to help recover, and to report incidents.