THREAT ALERT

Everything You Need to Know About the Alleged AT&T Data Leak

Wednesday, March 20th, 2024

DefenseStorm

Reports of a massive AT&T data leak have surfaced, with around seventy million customers potentially affected. The data is reportedly for sale on a leak forum or website.

Brace yourself for a flood of reports of an AT&T breach, leak, data dump, or whatever news outlets will call it to get your attention. That leak allegedly consists of data of approximately seventy million customers, primarily based in the US, and reportedly for sale on a leak forum or website. Right now, I think we can firmly call it a leak of AT&T data. The actual root source of the data has yet to be determined. AT&T is denying, at the time of this writing, that the data came from their systems and has yet to confirm whether it may have come from a third party used by AT&T. Here is what is known:

  • The leaked data contains email addresses, social security numbers, dates of birth, addresses, and phone numbers.
  • The data is being put up for sale reportedly by a hacker named Shiny Hunters, who claimed to have breached AT&T in 2021, collecting the information of seventy million customers. Shiny Hunters put that information up for sale on the web for a reported $1 million. AT&T denied the data came from them at that time: “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems,” AT&T told BleepingComputer in 2021.
  • Malwarebytes has reported that a threat actor calling themselves MajorNelson has leaked what they claim is the same data from 2021.
  • Multiple news outlets have reported that independent sources have verified that at least parts of the data are valid.

Again, at this time, AT&T is denying that its systems were accessed and that the data came from them. Regardless, there are a few things you can do to help protect yourself if you think you may be impacted.

  • Change your passwords associated with all AT&T accounts.
  • Since AT&T has not confirmed that the data came from them, be very aware of phishing and social engineering attacks that claim to be from AT&T and that address the data leak or offer services to protect you from it.
  • Freeze your credit and/or set up identity monitoring. This can usually be done by contacting one of the major credit bureaus.
  • Monitor your accounts for any suspicious activity.

The above list is not all-inclusive, but it is a good starting point to help keep you ahead of any potential compromise.

The news of this incident is still relatively new, and more details are emerging by the day. Please bookmark and check AT&T’s website regularly to stay up to date on the latest developments and future actions you may need to take.

References:

hxxps://www[.]bleepingcomputer[.]com/news/security/att-says-leaked-data-of-70-million-people-is-not-from-its-systems/

hxxps://www[.]Malwarebytes[.]com/blog/news/2024/03/the-att-breach-what-you-need-to-know

James Bruhl

Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.