Hacker Selling Alleged Private Data of 70 Million AT&T Customers for $1 Million
Posted August 20, 2021 at 6:05pm by iClarified
A well known hacker is claiming to have the private records of 70 million AT&T customers and is looking to the sell the data for $1 million, reports Restore Privacy. This follows a massive T-Mobile hack that has exposed the information of over 50 million people.
ShinyHunters, who was also behind exploits affecting Microsoft, Tokopedia, Pixlr, Mashable, Minted, and others, listed the data for sale on an underground hacking forum today.
The data is currently being offered for $1 million USD for a direct sell (or flash sell) and $200,000 for access that is given to others. Assuming it is legit, this would be a very valuable breach as other threat actors can likely purchase and use the information for exploiting AT&T customers for financial gain.
The site obtained a sample of the data which included name, phone number, physical address, email address, social security number, and date of birth. The information provided appears to be valid.
Notably, there is a third encrypted string of data which has yet to be decrypted. ShinyHunters believes this could be user PINs.
When asked for comment, AT&T issued the following statement.
Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.
ShinyHunters response:
It doesn’t surprise me
I think they will keep denying until I leak everything
Hit the link below for more details and please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for updates.
Read More
ShinyHunters, who was also behind exploits affecting Microsoft, Tokopedia, Pixlr, Mashable, Minted, and others, listed the data for sale on an underground hacking forum today.
The data is currently being offered for $1 million USD for a direct sell (or flash sell) and $200,000 for access that is given to others. Assuming it is legit, this would be a very valuable breach as other threat actors can likely purchase and use the information for exploiting AT&T customers for financial gain.
The site obtained a sample of the data which included name, phone number, physical address, email address, social security number, and date of birth. The information provided appears to be valid.
Notably, there is a third encrypted string of data which has yet to be decrypted. ShinyHunters believes this could be user PINs.
When asked for comment, AT&T issued the following statement.
Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.
ShinyHunters response:
It doesn’t surprise me
I think they will keep denying until I leak everything
Hit the link below for more details and please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for updates.
Read More