A huge cache of AT&T customer data has been made available online, with as many as 70 million individuals affected.
The files, believed to be from a breach sometime in 2021 or earlier, didn’t come from a direct breach, says AT&T, but regardless, they’re out there, and include names, addresses, phone numbers, birth dates and social security numbers.
Read on to find out more about this data leak, and what you can do if you have been affected.
AT&T Customer Data for Sale
The details of 70 million AT&T Customer accounts, including names, addresses, phone numbers, dates of birth and social security numbers, have been leaked online.
Details of the leaked data first appeared online in August 2021, when a known threat actor, ShinyHunters, offered up the records for sale on a hacking forum, with a ‘buy it now’ price of one million dollars.
Now, that same data appears to have been made available for free by another threat actor, MajorNelson. While the data represents less than half of AT&T’s customer records, it is still a huge treasure trove of personal information, and could be highly dangerous in the wrong hands.
Where Did the AT&T Data Come From?
Data breaches happen all the time in 2024, and customers have had to become all too savvy about changing their details as their data is exposed in yet another leak. However, there’s usually a clear path as to where the breach occurred – with this AT&T data, nobody is owning up.
Back in August 2021, when the information was first made available for sale, it was claimed to have come from an AT&T data breach, which seems the most obvious conclusion. However, at the time, AT&T denied all knowledge, telling Bleeping Computer that the data did “not appear” to have come from their systems.
Now, almost three years later, the company is sticking to its guns, denying all knowledge of where this cache of AT&T customer data could have originated from.
How to Check if Your AT&T Data Has Been Leaked
Regardless of if the customer data came from a direct beach of AT&T systems, or via a third party, the end result is the same – the information is out there, and could be used by malicious persons to obtain even more data from the victims.
While some data, such as names, addresses and phone numbers are in plain text, the more valuable data, such as social security numbers and dates of birth, are encrypted. However, before you breathe a sigh of relief, the data set also includes files which decrypt these, so best to assume that everything is available.
While it’s almost impossible to verify the 70 million records, security researchers, such as Troy Hunt, have already dug into the data and confirmed the validity of portions of it.
If you were an AT&T customer up to August 2021, we’d suggest that you head over to Troy’s excellent site, haveibeenpwnd.com, where he has recorded the impacted AT&T accounts. Simply search with the email you used for your AT&T account, and if it has been leaked, you’ll soon find out.
If you have been affected, we’d recommend changing your password as best practice, although it is worth noting that passwords don’t appear to have been collected in this data. However, password security is more important than ever, and it’s better to be safe than sorry.
You’ll also want to be vigilant for potential phishing or other hacking attempts. With this data out in the wild, chances are that threat actors will utilize it to issue scamming campaigns. Keep your wits about you, and be wary of an unsolicited emails or calls, especially any that are purporting to be from AT&T.
