70 Million AT&T Accounts Leaked Online – How to Check Yours

A treasure trove of AT&T data, including social security numbers, has been leaked online for everyone to see.

A huge cache of AT&T customer data has been made available online, with as many as 70 million individuals affected.

The files, believed to be from a breach sometime in 2021 or earlier, didn’t come from a direct breach, says AT&T, but regardless, they’re out there, and include names, addresses, phone numbers, birth dates and social security numbers.

Read on to find out more about this data leak, and what you can do if you have been affected.

Surfshark Logo
Want data breach alerts delivered straight to your phone? Surfshark One includes a VPN, antivirus protection and will alert you if your data is leaked - all for just $3.19.month.
30 Day Risk-Free Money Back Guarantee 💰

AT&T Customer Data for Sale

The details of 70 million AT&T Customer accounts, including names, addresses, phone numbers, dates of birth and social security numbers, have been leaked online.

Details of the leaked data first appeared online in August 2021, when a known threat actor, ShinyHunters, offered up the records for sale on a hacking forum, with a ‘buy it now’ price of one million dollars.

Now, that same data appears to have been made available for free by another threat actor, MajorNelson. While the data represents less than half of AT&T’s customer records, it is still a huge treasure trove of personal information, and could be highly dangerous in the wrong hands.

Where Did the AT&T Data Come From?

Data breaches happen all the time in 2024, and customers have had to become all too savvy about changing their details as their data is exposed in yet another leak. However, there’s usually a clear path as to where the breach occurred – with this AT&T data, nobody is owning up.

Back in August 2021, when the information was first made available for sale, it was claimed to have come from an AT&T data breach, which seems the most obvious conclusion. However, at the time, AT&T denied all knowledge, telling Bleeping Computer that the data did “not appear” to have come from their systems.

Now, almost three years later, the company is sticking to its guns, denying all knowledge of where this cache of AT&T customer data could have originated from.

How to Check if Your AT&T Data Has Been Leaked

Regardless of if the customer data came from a direct beach of AT&T systems, or via a third party, the end result is the same – the information is out there, and could be used by malicious persons to obtain even more data from the victims.

While some data, such as names, addresses and phone numbers are in plain text, the more valuable data, such as social security numbers and dates of birth, are encrypted. However, before you breathe a sigh of relief, the data set also includes files which decrypt these, so best to assume that everything is available.

While it’s almost impossible to verify the 70 million records, security researchers, such as Troy Hunt, have already dug into the data and confirmed the validity of portions of it.

If you were an AT&T customer up to August 2021, we’d suggest that you head over to Troy’s excellent site, haveibeenpwnd.com, where he has recorded the impacted AT&T accounts. Simply search with the email you used for your AT&T account, and if it has been leaked, you’ll soon find out.

If you have been affected, we’d recommend changing your password as best practice, although it is worth noting that passwords don’t appear to have been collected in this data. However, password security is more important than ever, and it’s better to be safe than sorry.

You’ll also want to be vigilant for potential phishing or other hacking attempts. With this data out in the wild, chances are that threat actors will utilize it to issue scamming campaigns. Keep your wits about you, and be wary of an unsolicited emails or calls, especially any that are purporting to be from AT&T.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Jack is the Deputy Editor for Tech.co. He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals