AT&T database of 70 million users sold on hacker forum, though AT&T denies the data leak claim. The hacking group behind this hack is ShinyHunters, the same group involved in the T-Mobile hack.
The group has made data of 70 million AT&T users for sale on a hacker forum. AT&T denies their claim saying the data did not come from any of their systems.
The sample data posted by hackers on the hacker forum consists of AT & T users’ full names, social security numbers, email addresses, and dates of birth. ShinyHunters has put a price tag of $200,000 on this sample AT&T database.
According to AT&T, “Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems”
This is not the first time AT&T has suffered a data breach, earlier in 2015 the company ended up paying around $25 million fine for an insider breach.
Reports suggest, in May one of the threat actors was looking to hire a T-Mobile and/or AT&T employee, to help them in staging an insider attack on their employer.
The hacking group claims to have another enormous database, this comes just within a few days of the T-Mobile hack. It seems likely the hackers have managed to illegally access a database containing information on more than 40 million past, current, and prospective users of T-Mobile US.
Earlier last, T-Mobile was tipped about the compromised T-Mobile systems in an online forum. Following which the company announced it has located and had the situation under control as they closed all access points and threat actors might illegally try to break through their servers.
The company told the press, “Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”
According to cybersecurity experts, the leaked data could be used for social engineering and identity theft.
ShinyHunters has a number of reputed companies on its victims list such as Mashable, 123RF, Minted, Couchsurfing, Animal Jam, and others.
Dutch Police Arrests Two Hackers Involved in “Fraud-as-a-Service” Operation
Saudi Aramco Hacked – Hackers Demand $50 Million Ransom
Facebook Takes Down Accounts Used by Iranian Hackers to Target US Military Personnel