AT&T Data Breach: 73 Million Customers’ Information Exposed
After weeks of denial, telecommunications giant AT&T has finally admitted to a data breach impacting a staggering 73 million current and former customers. Initially refuting claims that leaked data originated from their systems, the company now confirms the authenticity of the compromised information.
The breach, which AT&T asserts did not involve a direct compromise of their systems, is believed to have occurred in 2019 or earlier. It affects approximately 7.6 million current account holders and a significant 65.4 million former customers. Among the compromised data are names, addresses, phone numbers, and in many cases, social security numbers and birth dates.
AT&T’s admission follows the surfacing of the data on a hacking forum, previously claimed to have been stolen by a threat actor known as Shiny Hunters in 2021. Despite previous denials, analysis conducted by cybersecurity experts at BleepingComputer confirms the authenticity of the leaked information.
Post on hacking forum leaking alleged AT&T data from 2021 breach
Source: BleepingComputer
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Moreover, interactions with over 50 AT&T and DirectTV customers reveal that the compromised data includes details unique to their AT&T accounts, suggesting a direct link to the telecom giant. These findings align with similar reports from renowned security researcher Troy Hunt, further indicating the origin of the breach.
In response to inquiries, AT&T has announced the reset of passcodes for 7.6 million affected customers as a precautionary measure. Passcodes, used for additional security measures such as customer support interactions and account management, were among the compromised data sets.
Trending: Understanding PTaaS and SOC
Trending: Offensive Security Tool: WAF Bypass