A menace actor has re-released knowledge from a 2021 AT&T breach affecting 70 million clients, this time combining beforehand separate recordsdata to immediately hyperlink Social Safety numbers and start dates to particular person customers.
AT&T advised BleepingComputer that they’re investigating the info but additionally consider it originates from the identified breach and was repackaged into a brand new leak.
“It’s not unusual for cybercriminals to repackage beforehand disclosed knowledge for monetary acquire. We simply realized about claims that AT&T knowledge is being made out there on the market on darkish net boards, and we’re conducting a full investigation,” AT&T advised BleepingComputer.
As first noticed by HackRead, the AT&T knowledge was launched on a well-liked Russian-speaking hacking discussion board, the place a menace actor claimed it was stolen throughout the 2024 AT&T Snowflake knowledge theft assault, which uncovered the decision logs of 109 million clients.
“Initially one of many database from the snowflake breach right here is my backup I created which has bogus numbers reminiscent of 00000 (I believe federal brokers…?) eliminated and I’ve additionally decrypted the SSNs and DOBs,” reads the discussion board publish.
Supply: BleepingComputer
Nonetheless, BleepingComputer’s evaluation of the leak signifies that the info truly originates from an AT&T knowledge breach in 2021 performed by a well known menace actor named ShinyHunters, who tried to promote it for $200,000.
Three years later, in March 2024, one other menace actor leaked the complete AT&T knowledge on a cybercrime discussion board at no cost, stating it was from ShinyHunter’s 2021 AT&T breach.
This knowledge included names, addresses, cell phone numbers, encrypted date of start, encrypted social safety numbers, and different inside data. Nonetheless, included within the leak had been particular person recordsdata that mapped the encrypted SSNs and DOBs with their unencrypted plain textual content strings.
On the time, AT&T first denied that the info was theirs however ultimately confirmed that the info was stolen from their methods and impacted 73 million clients.
Evaluation of the present leak by BleepingComputer exhibits it is the identical knowledge leaked in 2024 however cleaned as much as take away inside AT&T knowledge and add the unencrypted Social Safety quantity and date of start to every buyer file.
In whole, there are 88,320,017 strains of knowledge within the leak, however while you take away duplicates, it goes right down to 86,017,088 distinctive data.
Additional processing of the info exhibits that it incorporates 48,896,044 distinctive telephone numbers with related buyer data.
This important drop is brought on by many purchasers having a number of data with the identical telephone quantity used at totally different addresses.
To reiterate, this isn’t a brand new AT&T leak or the stolen Snowflake knowledge however relatively a repackaged model of the 2021 knowledge breach.
Handbook patching is outdated. It is gradual, error-prone, and difficult to scale.
Be part of Kandji + Tines on June 4 to see why outdated strategies fall brief. See real-world examples of how fashionable groups use automation to patch quicker, lower danger, keep compliant, and skip the advanced scripts.
