At&t Not Sure If New Customer Data Dump Is Déjà Vu

AT&T is investigating claims that millions of its customers’ data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack.

“It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain,” an AT&T spokesperson told The Register. “We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.”

The data for sale reportedly includes around 86 million AT&T customer records, according to HackRead, which first spotted the purloined files. While the thief claimed the leak involved 70 million customer records, HackRead analyzed the data and said it actually included about 88 million, of which 86 million are unique entries.

The info includes people’s dates of birth, phone numbers, email addresses, physical addresses, and some 44 million plain-text social security numbers, which the seller claims were originally encrypted.

The stolen info was first listed for sale on May 15, and then reuploaded on June 3.

Even the seller says this is not from a new AT&T breach — but the age and original provenance of the data has not been disclosed.

In their original post, the seller claimed that the customer database was originally swiped last year, when crooks broke into more than 165 Snowflake customers’ hosted environments and stole terabytes of data affecting hundreds of millions of individuals.

One of these Snowflake customers was AT&T, and at the time of the breach, an AT&T spokesperson told The Register that attackers snatched call and text records – specifically the details around those interactions, not the actual content – for just under 110 million customers from the compromised cloud storage.

This 110 million figure is significantly larger than what the digital thief has claimed, so it could be a partial dump from the larger Snowflake heist.

Also last year: AT&T confirmed that more than 73 million records belonging to current and former customers and dumped on the dark web in March 2024 were legit.

That treasure trove of personal information allegedly dated back to an even earlier data dump, stolen and offered for sale by ShinyHunters in 2021. At the time, AT&T denied that the customer data being offered for sale belonged to it. RestorePrivacy, however, viewed the dataset, and spoke to members of ShinyHunters, who said the data belonged to US-based AT&T customers, but wouldn’t reveal how they obtained it. 

The number of stolen records seems a closer fit to the 2021 theft. But until AT&T lets us know which previously disclosed data breach — if any — is linked to this latest customer info dump, we won’t know for sure. 

Regardless, if you’re an AT&T customer, it’s a good idea to closely monitor your credit and keep an eye out for any indication of fraud or identity theft.

“With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers,” Thomas Richards, Infrastructure Security Practice Director at Black Duck, said in an email to The Register. “The original breach of sensitive records from AT&T was enough to worry their customers. Now it poses significant risk to their identities.” ®

Original Source