AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. 

The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.

From the samples shared by the threat actor, the database contains customers’ names, addresses, phone numbers, Social Security numbers, and date of birth.

A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on att.com.

Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.

However, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.

In many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.

In the past, ShinyHunters has breached numerous companies, including Wattpad, Tokopedia, Microsoft’s GitHub account, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many more.

AT&T denies suffering a breach

After learning of the threat actor’s claims, BleepingComputer reached out to AT&T to see if the data belonged to them.

In multiple emails, AT&T has told BleepingComputer that the data is not from their systems and has not recently been breached.

“Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.” – AT&T.

When asked whether the data may have come from a third-party partner, AT&T chose not to speculate.

“Given this information did not come from us, we can’t speculate on where it came from or whether it is valid,” AT&T told us in a follow-up email.

ShinyHunters has told BleepingComputer that they are not surprised that AT&T denies the breach and continues to state that it comes from them.

“I don’t care if they don’t admit. I’m just selling,” ShinyHunters told BleepingComputer.

While ShinyHunters states that they did not contact AT&T, they said they are willing to “negotiate” with the company.

When we asked the threat actor for further information about the breach, ShinyHunters refused to provide any other details.

This news comes soon after a different threat actor tried to sell the stolen data of 100 million T-Mobile customers.

T-Mobile latest confirmed they were hacked, and the cyberattack exposed the personal data of 48 million T-Mobile customers.