Three years after a hacker first teased an alleged large theft of AT&T buyer knowledge, a breach vendor this week dumped the total dataset on-line. It accommodates the non-public data of some 73 million AT&T clients.
A brand new evaluation of the absolutely leaked dataset — containing names, dwelling addresses, cellphone numbers, Social Safety numbers, and dates of start — factors to the info being genuine. Some AT&T clients have confirmed their leaked buyer knowledge is correct. However AT&T nonetheless hasn’t mentioned how its clients’ knowledge spilled on-line.
The hacker, who first claimed in August 2021 to have stolen hundreds of thousands of AT&T clients’ knowledge, solely revealed a small pattern of the leaked data on the time, making it troublesome to confirm its authenticity.
AT&T, the most important cellphone service in the US, mentioned again in 2021 that the leaked knowledge “doesn’t seem to have come from our programs,” nevertheless it selected to not speculate as to the place the info had originated or whether or not it was legitimate.
Troy Hunt, a security researcher and proprietor of data breach notification website Have I Been Pwned, not too long ago obtained a duplicate of the total leaked dataset. Hunt concluded the leaked knowledge was actual by asking AT&T clients if their leaked data had been correct.
In a weblog put up analyzing the info, Hunt mentioned that of the 73 million leaked data, the info contained 49 million distinctive electronic mail addresses, 44 million Social Safety numbers, in addition to buyer dates of start.
When reached for remark, AT&T spokesperson Stephen Stokes advised information.killnetswitch in a press release: “We have now no indications of a compromise of our programs. We decided in 2021 that the knowledge provided on this on-line discussion board didn’t seem to have come from our programs. This seems to be the identical dataset that has been recycled a number of occasions on this discussion board.”
The AT&T spokesperson didn’t reply to observe up emails by information.killnetswitch asking if the alleged buyer knowledge was legitimate or the place its clients’ knowledge got here from.
As Hunt notes, the supply of the breach stays inconclusive. And it’s not clear if AT&T even is aware of the place the info got here from. Hunt mentioned it’s believable that the info originated both from AT&T or “a third-party processor they use or from one other entity altogether that’s solely unrelated.”
Investigating data breaches and leaks takes time. However by now AT&T ought to have the ability to present a greater clarification as to why hundreds of thousands of its clients’ knowledge is on-line for all to see.
information.killnetswitch’s Lorenzo Franceschi-Bicchierai contributed reporting.
