Business
AT&T Will Not Disclose How Customers’ Data Was Compromised
(CTN News) – Hackers first teased an alleged massive theft of AT&T customer data three years ago, but a breach seller released the full dataset this week. Some 73 million AT&T customers have their personal information in it.
New analysis of the fully leaked dataset suggests the names, addresses, phone numbers, Social Security numbers, and dates of birth are authentic. Customer data that was leaked has been confirmed to be accurate by some AT&T customers. At this point, AT&T hasn’t disclosed how customer data was spilled online.
First claiming in August 2021 that millions of AT&T customers’ records had been stolen, the hacker made only a small sample available at the time, making it difficult for anyone to verify the data’s authenticity.
The largest phone carrier in the United States, said in 2021 that the leaked data “does not appear to have originated from our systems,” but decided not to speculate on its source or validity.
The full leaked dataset was obtained by Troy Hunt, a security researcher and owner of the data breach notification site Have I Been Pwned. Asked if the customers’ leaked records were accurate, Hunt concluded that the leaked data was real.
Hunt wrote in a blog post analyzing the data that 49 million unique email addresses, 44 million Social Security numbers, and customer dates of birth were in the 73 million leaked records.
Upon reaching out for comment, AT&T spokesperson Stephen Stokes told TechCrunch:
“We do not know of any compromise of our systems.” Upon reviewing the information offered on this forum, we determined that it did not originate from our systems. This appears to be the same dataset that has been reused on this forum several times.”
After TechCrunch asked if the alleged customer data was valid and where it came from, an AT&T spokesperson did not respond.
There is no conclusive evidence regarding the source of the breach, according to Hunt. Whether even knows where the data came from is unclear. At&T or a third-party processor they use or an entirely unrelated entity may have collected the data, Hunt said.
Even three years later, we still don’t know how AT&T’s customers’ data ended up online nor can we figure out how it happened. The investigation of data breaches and leaks takes time. However, AT&T should be able to provide a better explanation of why millions of its customers’ data is publicly available by now.
SEE ALSO:
Alibaba Sells Bilibili Assets For $360 Million
