Hackers stole nearly 48 million customer records from T-Mobile a few days ago, with the carrier confirming the findings earlier this week. T-Mobile said at the time that the hackers did not steal payment information. But sensitive data, including full names, dates of birth, social security numbers, and driver’s license information was stolen. Hackers also accessed customer names, phone numbers, and PINs for some prepaid accounts. T-Mobile said the investigation is ongoing, but the company will offer customers two years of free identity theft protection. It turns out T-Mobile might not be alone. A hacker claims to have obtained personal data for 70 million accounts in a massive AT&T hack, including information that can expose them to identity theft down the road. Now, AT&T has issued a strange denial to news of the hack.
Compromised personal data
According to Restore Privacy, a “well-known threat actor” who goes by ShinyHunters is selling private data from 70 million AT&T customers. The site says it analyzed the data and found it to include legitimate customer information.
ShinyHunters posted a small sample of data that the site examined, comparing it to information available in public records. Restore Privacy says it can’t confirm that the data originates from AT&T customers, but it appears to be valid.
The data in the sample includes names, phone numbers, physical addresses, email addresses, social security numbers, and dates of birth.
The report says that ShinyHunters has also accessed encrypted data from customers that include social security numbers and dates of birth.
After contacting the hacker, the site found out that the data comes from AT&T customers in the US. He didn’t reveal how he obtained the data. But he added that there’s a third encrypted string in the data that might contain user PINs.
AT&T reaction to the purported hack
ShinyHunters is asking for $1 million for the entire database but told the site that it’s willing to reach a deal with AT&T. The attacker indicated he has done this sort of deal before.
By the way, if AT&T is afraid and want their database taken off the market, they can contact me for an agreement, it has been done recently and both sides were satisfied.
AT&T provided Restore Privacy a comment on the situation that seems to indicate the report is inaccurate:
Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.
The site says AT&T’s view of the events is not accurate. The hacker posted information that appeared in a well-known hacking forum from a user with an extensive history of attacks, not on an “internet chat room.” ShinyHunters told the site that AT&T’s response did not surprise him. “I think they will keep denying until I leak everything,” he said.
The attacker has other well-known exploits under his belt, which make his claims surrounding this supposed AT&T hack more believable.