Three years after a hacker first teased an alleged huge theft of AT&T buyer knowledge, a breach vendor this week dumped the complete dataset on-line. It incorporates the non-public info of some 73 million AT&T prospects.
A brand new evaluation of the totally leaked dataset — containing names, dwelling addresses, telephone numbers, Social Safety numbers, and dates of beginning — factors to the info being genuine. Some AT&T prospects have confirmed their leaked buyer knowledge is correct. However AT&T nonetheless hasn’t mentioned how its prospects’ knowledge spilled on-line.
The hacker, who first claimed in August 2021 to have stolen hundreds of thousands of AT&T prospects’ knowledge, solely revealed a small pattern of the leaked information on the time, making it tough to confirm its authenticity.
AT&T, the most important telephone provider in the US, mentioned again in 2021 that the leaked knowledge “doesn’t seem to have come from our methods,” nevertheless it selected to not speculate as to the place the info had originated or whether or not it was legitimate.
Troy Hunt, a safety researcher and proprietor of knowledge breach notification web site Have I Been Pwned, lately obtained a duplicate of the complete leaked dataset. Hunt concluded the leaked knowledge was actual by asking AT&T prospects if their leaked information have been correct.
In a weblog publish analyzing the info, Hunt mentioned that of the 73 million leaked information, the info contained 49 million distinctive e mail addresses, 44 million Social Safety numbers, in addition to buyer dates of beginning.
When reached for remark, AT&T spokesperson Stephen Stokes informed TechCrunch in an announcement: “We’ve got no indications of a compromise of our methods. We decided in 2021 that the knowledge supplied on this on-line discussion board didn’t seem to have come from our methods. This seems to be the identical dataset that has been recycled a number of occasions on this discussion board.”
The AT&T spokesperson didn’t reply to observe up emails by TechCrunch asking if the alleged buyer knowledge was legitimate or the place its prospects’ knowledge got here from.
As Hunt notes, the supply of the breach stays inconclusive. And it’s not clear if AT&T even is aware of the place the info got here from. Hunt mentioned it’s believable that the info originated both from AT&T or “a third-party processor they use or from one other entity altogether that’s fully unrelated.”
What is obvious is that even three years later, we’re nonetheless no nearer to fixing this thriller breach, nor can AT&T say how its prospects’ knowledge ended up on-line.
Investigating knowledge breaches and leaks takes time. However by now AT&T ought to have the ability to present a greater clarification as to why hundreds of thousands of its prospects’ knowledge is on-line for all to see.
TechCrunch’s Lorenzo Franceschi-Bicchierai contributed reporting.