AT&T Admits Data of 73 Million Account Holders Leaked to Dark Web

Data from roughly 7.6 million current account holders and 65.4 million former account holders were released on the dark web, AT&T said.

Telecom giant AT&T disclosed on Saturday that data from some 73 million current and former account holders has been leaked onto the “dark web” and the incident is under investigation.

In a March 30 announcement, AT&T said that data from roughly 7.6 million current account holders and 65.4 million former account holders were released on the dark web around two weeks ago.
The company said in a separate notice that the data set seems to be from 2019 or earlier and, while the type of information compromised varies by customer and account, it may include passcodes, full name and email address, home address, phone number, date of birth, and Social Security numbers.

AT&T said it had reset passcodes for 7.6 million current account holders affected by the leak.

“We will be reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services,” the company said in a statement.

AT&T said it hasn’t found any evidence of unauthorized access to its systems that resulted in data being stolen and that it has launched a “robust” investigation into the incident with the help of outside cybersecurity experts.

“Our internal teams are working with external cybersecurity experts to analyze the situation,” the company said in a statement. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”

It’s unclear if the leaked data originated from AT&T or one of the company’s vendors.

AT&T said the incident has not had a material impact on its operations.

‘The Impact Is Significant’

The threat actor was trying to auction off the data on a hacking forum, according to BleepingComputer, with a starting price of $200,000 while offering to sell it immediately for $1 million.

At the time, AT&T told BleepingComputer that the information the hacker was trying to auction off did not come from its systems.
Troy Hunt, a security researcher, recently said in a blog post that he had obtained the full data set and concluded the data pertains to AT&T customers by contacting some of them to verify its accuracy.

Mr. Hunt said that what the hacker was advertising as around 70 million records actually had 73.5 million lines, including 49.1 million unique email addresses, 44 million Social Security numbers, and 43.5 million dates of birth.

He said it’s inconclusive whether the data originated from AT&T or a third party, but insisted that he had proved “with sufficient confidence, that the data is real and the impact is significant.”

AT&T spokesperson Stephen Stokes told TechCrunch that the data doesn’t appear to have come from its systems.

“We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems,” Mr. Stokes told the outlet in a statement. “This appears to be the same dataset that has been recycled several times on this forum.”

The latest development involving AT&T comes about a month after the telecom giant suffered a 12-hour-long outage to its U.S. cellphone network.

PRINCIPIA SCIENTIFIC INTERNATIONAL, legally registered in the UK as a company incorporated for charitable purposes. Head Office: 27 Old Gloucester Street, London WC1N 3AX. 

Comments (3)

  • Tom

    Yeppers…everything’s hackable.

    • Howdy

      Depends how hard a network needs to be, Tom. Cost, ease of maintenance, or administration, appears to be a large driving force in security appliances and firewalls.
      That is not congruous to max defence, but always a compromise.
      Effectiveness vs good enough, but there is no such thing as good enough where security is concerned.

      Say a perimeter device protects a ‘trusted’ network. Once that perimeter is breached, the network is not trusted, nor was it ever. Trust, and security do not work for me when based on automated rule sets in particular.

  • John Thomas Bakkila

    I have AT&T.
    I noticed the service interruptions (more than one) weeks before anything was reported, and also was notified weeks before anything was reported. The first interruption resulted in me getting unlimited hotspot service for 2 weeks. The second interruption happened the next night at the exact same time for nearly the same amount of time. It was then that I knew they were most likely upgrading equipment. This may also have been a vulnerable time for attackers.
    Just my observation.
