Register now for better personalized quote!
Hackers on the dark web are hawking a repackaged database of customer records from AT&T. The data contains dates of birth, phone numbers, email addresses, street addresses, and social security numbers.
In this latest leak, the records were posted on a Russian cybercrime forum on May 15 and uploaded again on June 3, according to cybersecurity news platform Hackread. With this new activity, the data has apparently been garnering attention from other cybercriminals and potential buyers.
After analyzing the leaked records, AT&T verified the contents. However, a company spokesperson said that the data does not represent a new leak but rather is repackaged content from a previous leak.
"After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024," the spokesperson told . "Affected customers were notified at that time. We have notified law enforcement of this latest development."
In March 2024, AT&T revealed a dark web data leak that impacted 7.6 million current AT&T subscribers and 65.4 million former AT&T account holders. Stemming from 2019 and ealier, the data included passcodes, names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers. Members of the ShinyHunters cybercrime group took credit for the breach itself, which occurred in 2021.
The hackers who have now repackaged the data claim that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text. However, AT&T has disputed that claim, explaining that these pieces of data had already been available in plain text in the original leak from 2024. Beyond notifying affected customers at the time, the carrier also reset their passcodes and offered credit monitoring and identity theft protection.
Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
The data breach revealed by AT&T in March 2024 differs from another incident that was reported in July 2024. In that one, the carrier announced a breach that affected "nearly all AT&T cellular customers." The compromised data included phone numbers plus counts of calls or texts and total call durations from May 1, 2022, to October 31, 2022, and on January 2, 2023.
AT&T blamed this other breach on vulnerabilities with its third-party Snowflake cloud platform, which houses customer records. At that time, the carrier said it didn't believe the data was publicly available. In this one, the company reportedly paid a hacker associated with ShinyHunters$373,000 in Bitcoin to remove the stolen data and provide proof that it was deleted, according to Wired.
Initially, Hackread speculated that the latest repackaged data was from the Snowflake breach. However, AT&T has confirmed that the data is not connected to the Snowflake incident.
Also: I clicked on four sneaky online scams on purpose - to show you how they work
If you are an AT&T customer, what should you do at this point?
"The original breach of sensitive records from AT&T was enough to worry their customers," Thomas Richards, Infrastructure Security Practice Director at security provider Black Duck, told . "Now it poses significant risk to their identities. With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers. If they haven't already, the affected users should be notified and actively monitor their credit for any signs of fraud."
Also: Stop paying for antivirus software. Here's why you don't need it
Beyond monitoring your credit, you may want to change your AT&T password and set up multi-factor authentication for your account, if you haven't already done so. You should also consider freezing your credit so that no new accounts can be opened in your name until or unless you unfreeze it.
Perhaps most troubling, though, is the leak of social security numbers, which have been used for almost 90 years to track the earnings of Americans to determine their retirement and disability benefits. But in this age of cybercrime, these numbers have become vulnerable. By linking an SSN with your name and other data, a criminal can easily take over your account or steal your identity.
Unlike your phone number or email address, you can't easily change your social security number. The SSA will issue new numbers under certain circumstances, including identity theft. But you have to prove ongoing hardship as a result of the old number being compromised.
Trey Ford, Chief Information Security Officer at crowdsourced cybersecurity firm Bugcrowd offers an interesting take.
"In 2025, the United States is still relying on a static number (Social Security Number) as the universal secret identity code enabling miscreants to abuse our identity," Ford told .
Also: The best password managers: Expert tested
"There are organizations selling monitoring that profit off this problem space," he added. "What will it take for us to ruin the SSN's usefulness to bad actors, to de-value the SSN as loot to be stolen for profit - and to adopt a more meaningful, better controlled, more transparent, and FAR more secure option? It is time to consider the SSN a part of public record, just like your name, address, and phone number, and institute a central and federated technical control system for authenticating and authorizing the use of identity records."
Hot Tags :
Tech
Register Email now for Weekly Promotion Stock
100% free, Unsubscribe any time!
Add 1: Room 605 6/F FA YUEN Commercial Building, 75-77 FA YUEN Street, Mongkok KL, HongKong Add 2: Room 405, Building E, MeiDu Building, Gong Shu District, Hangzhou City, Zhejiang Province, China
Whatsapp/Tel: +8618057156223 Tel: 0086 571 86729517 Tel in HK: 00852 66181601
Email: [email protected]
English
Pусский
Français
Español
Português
