AT&T, the American telecommunications giant, has confirmed to Restore Privacy that it is investigating claims about a data breach impacting its customers.
This is in response to a January 6 post on the hacking forum Breached, where a user claimed to hold an AT&T database containing the information of 37,000,000 subscribers.
The threat actor published a hefty sample of five million lines, including the subscribers’ names, ZIP codes, email addresses, phone numbers, device details, contract details, and more.
The seller of the alleged AT&T database is willing to discuss offers of a five-digit sum of XMR (Monero), which is currently worth about $150 per coin. This means the asking price is at least $1,500,000.
A threat actor with the email addresses, phone numbers, names, and the rest of the leaked information could perform phishing, social engineering, and scamming against the exposed individuals.
The seller of the data claims the set was stolen from AT&T during a network intrusion by a new group named ‘Endurance Ransomware,’ which has previously claimed breaches against a number of government and military organizations in the United States.
Typically, samples of data stolen by Endurance end up on Breached, where they are put up for sale, so the group operates more as an extortion group. It’s unknown if Endurance performs file encryption, as none of their past attacks were associated with service outages at the claimed victims.
AT&T has not yet confirmed whether the leaked data belongs to its clients, or whether it is the product of a new data breach or just a republishing of an old leak.
Instead, the ISP noted that the set does not contain sensitive details like credit card information, Social Security Numbers, account passwords, and device ID numbers.
In August 2022, 3.6 GB of data allegedly belonging to 28.5 million AT&T clients leaked on the dark web, and analysis showed that the information was real.
The telecommunications service provider responded to the situation by saying that the data belonged to its customers, but denied having suffered a breach. Instead, AT&T said it might have been sourced from a breach at another company.
Big organizations like AT&T, with over 200 million subscribers, indeed have massive data overlaps with similarly large companies. Hence, a breach at any of them inevitably exposes personal information belonging to the customer base of the others.
Restore Privacy will continue to follow this leak closely, and we will update this article with new statements from AT&T as soon as the company’s internal investigation has been concluded.