Mon, Dec 09 2024
This Monday, a breach seller released the entire dataset online, three years after a hacker initially hinted to an alleged huge loss of to&T user data. It includes the private data of around 73 million AT&T users.
The fully disclosed dataset, which included dates of birth, Social Security numbers, home locations, phone numbers, and names, appears to be legitimate, according to a recent examination. A few AT&T consumers have attested to the accuracy of their customer data leak. Yet AT&T has yet to disclose how its consumers' information leaked online.
It was challenging to confirm the validity of the hacker's first August 2021 claim that millions of AT&T customer details had been taken because they had only released a small sample of the records that had been compromised.
The biggest phone company in the US, AT&T, stated back in 2021 that the stolen data "does not appear to have come from our systems," but it refrained from speculating on the source or veracity of the information.
The owner of the data breach alert website Have I Been Pwned, Troy Hunt, is a security researcher who recently acquired a copy of the whole compromised dataset. Hunt verified the authenticity of the released data by inquiring about the accuracy of the leaked AT&T information.
Hunt stated in a blog post that the 73 million exposed records included 49 million distinct email addresses, 44 million Social Security numbers, and customer dates of birth.
"We have no indications of a compromise of our systems," AT&T spokesperson Stephen Stokes said in a statement to TechCrunch when he was contacted for comment. In 2021, we came to the conclusion that the data shown on this internet forum did not seem to originate from our systems. It looks like this dataset has been reused on this topic multiple times.
When TechCrunch followed up with emails to find out if the said customer data was accurate or where it originated, the AT&T representative did not reply.
As Hunt points out, it's still unclear where the breach originated. Furthermore, it's unclear if AT&T really knows the source of the material. The data might have come from AT&T, "a third-party processor they use, or from another entity altogether that's entirely unrelated," according to Hunt.
Three years later, we're still no closer to understanding this mystery breach, and AT&T is unable to explain how its customers' data got onto the internet.
It takes time to look into data leaks and breaches. But by now AT&T ought to be able to offer a more convincing justification for why the data of millions of its customers is publicly accessible online.
Leave a Comment