AT&T Silent on Data Breach: Customers’ Data Exposed Online Without Explanation
Three years following the initial teaser by a hacker regarding an alleged extensive theft of AT&T customer data, a breach seller has now released the complete dataset online this week. This dataset encompasses the personal details of approximately 73 million AT&T customers.
A fresh examination of the fully leaked dataset, inclusive of names, residential addresses, phone numbers, Social Security numbers, and dates of birth, indicates the authenticity of the data. Some AT&T customers have authenticated that their leaked customer data is indeed accurate. Nevertheless, AT&T has yet to disclose how the data of its customers was exposed online.
Initially, the hacker claimed in August 2021 to have pilfered millions of AT&T customers’ data, albeit only a small sample of the leaked records was published at that time, complicating the verification process of its authenticity.
AT&T, the leading phone carrier in the United States, stated in 2021 that the leaked data “does not appear to have come from our systems,” refraining from speculating on the data’s source or validity.
Security researcher Troy Hunt, proprietor of the data breach notification site Have I Been Pwned, recently acquired a copy of the complete leaked dataset. Hunt affirmed the authenticity of the leaked data by cross-referencing it with AT&T customers, confirming the accuracy of their leaked records.
In a blog post dissecting the data, Hunt revealed that among the 73 million leaked records, there were 49 million unique email addresses, 44 million Social Security numbers, and customer dates of birth.
When contacted for commentary, AT&T spokesperson Stephen Stokes informed TechCrunch in a statement: “We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. This appears to be the same dataset that has been recycled several times on this forum.