A risk actor has re-released information from a 2021 AT&T breach affecting 70 million prospects, this time combining beforehand separate information to straight hyperlink Social Safety numbers and beginning dates to particular person customers.
AT&T instructed BleepingComputer that they’re investigating the information but in addition consider it originates from the identified breach and was repackaged into a brand new leak.
“It isn’t unusual for cybercriminals to repackage beforehand disclosed information for monetary acquire. We simply realized about claims that AT&T information is being made accessible on the market on darkish net boards, and we’re conducting a full investigation,” AT&T instructed BleepingComputer.
As first noticed by HackRead, the AT&T information was launched on a preferred Russian-speaking hacking discussion board, the place a risk actor claimed it was stolen through the 2024 AT&T Snowflake information theft assault, which uncovered the decision logs of 109 million prospects.
“Initially one of many database from the snowflake breach right here is my backup I created which has bogus numbers corresponding to 00000 (I feel federal brokers…?) eliminated and I’ve additionally decrypted the SSNs and DOBs,” reads the discussion board submit.
Supply: BleepingComputer
Nonetheless, BleepingComputer’s evaluation of the leak signifies that the information truly originates from an AT&T data breach in 2021 carried out by a well known risk actor named ShinyHunters, who tried to promote it for $200,000.
Three years later, in March 2024, one other risk actor leaked the complete AT&T information on a cybercrime discussion board without cost, stating it was from ShinyHunter’s 2021 AT&T breach.
This information included names, addresses, cell phone numbers, encrypted date of beginning, encrypted social security numbers, and different inside info. Nonetheless, included within the leak had been particular person information that mapped the encrypted SSNs and DOBs with their unencrypted plain textual content strings.
On the time, AT&T first denied that the information was theirs however ultimately confirmed that the information was stolen from their programs and impacted 73 million prospects.
Evaluation of the present leak by BleepingComputer exhibits it is the identical information leaked in 2024 however cleaned as much as take away inside AT&T information and add the unencrypted Social Safety quantity and date of beginning to every buyer document.
In complete, there are 88,320,017 strains of information within the leak, however while you take away duplicates, it goes right down to 86,017,088 distinctive information.
Additional processing of the information exhibits that it incorporates 48,896,044 distinctive telephone numbers with related buyer info.
This vital drop is attributable to many shoppers having a number of information with the identical telephone quantity used at totally different addresses.
To reiterate, this isn’t a brand new AT&T leak or the stolen Snowflake information however relatively a repackaged model of the 2021 data breach.
Handbook patching is outdated. It is gradual, error-prone, and difficult to scale.
Be a part of Kandji + Tines on June 4 to see why outdated strategies fall quick. See real-world examples of how trendy groups use automation to patch sooner, reduce threat, keep compliant, and skip the complicated scripts.
