A prolific hacker gang claims to be selling data on 70 million AT&T customers, the likes of which would appear to include names, phone numbers, social security numbers, DOBs, home addresses, and more.
On Thursday, RestorePrivacy broke the news that ShinyHunters, a well-known threat actor, was advertising the apparent database on RaidForums, a popular dark web marketplace. The cybercriminals are asking for $1 million for the entire database, and are selling segments of the data for $30k apiece.
The telecom has denied that the data is legitimate. When reached for comment, an AT&T spokesperson told Gizmodo:
Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.
The careful wording here would seem to show the telecom hedging against a more definitive refutation. In fact, in a follow-up email to BleepingComputer, the company equivocated over whether the data could have been stolen from a third-party: “Given this information did not come from us, we can’t speculate on where it came from or whether it is valid,” the firm said.
In the past, ShinyHunters has targeted the likes of Microsoft, Mashable and droves of other small- to mid-sized platforms. Its modus operandi is to steal or buy large troves of data, then dump and sell the digital bounties on underground platforms.
The incident also comes only several days after fellow telecom T-Mobile revealed a data breach that exposed the personal information of tens of millions of its customers. In light of this, the timing of the Hunters sale could be viewed as suspect—as it may offer the well-known group an opportunity to cash-in on fears of telecom breaches. On the other hand, the Hunters have built a reputation on selling data stolen from large companies.
The hackers had a curt retort to AT&T’s denial: “[T]hey will keep denying until I leak everything,” one of the cybercriminals told RestorePrivacy.