Not only is the 2021 breach of AT&T legitimate, some 73 million records that were stolen are now available to the general public without having to venture onto the dark web. The data leak had initially been up for private sale at a price of $30,000, but either one of the hackers or a buyer seems to have decided to dump it.
The data leak includes passcodes that are used to secure accounts, which are encrypted but in a form that is not difficult to defeat. Some records also include an assortment of contact information and partial Social Security numbers, making the breach a major risk for follow-on scams and identity theft.
Source of data leak still unclear
The data leak was attributed to a now likely defunct hacking group called “ShinyHunters” back in 2021, but the means by which they obtained the data remains unclear. AT&T has said, both then and now, that it has never detected an internal intrusion in connection with this particular data theft. But it now says that it cannot rule out the possibility, and is not sure if the leak came from its own network or from a third-party vendor.
It would not be the first time in recent history that the company experienced a third-party data breach, if that does indeed turn out to be the cause. A data leak a little over a year ago exposed about nine million customer records, though with a more limited set of contact information, and was ultimately traced back to a vendor. A few months later, a security researcher also found that the company’s website had a flaw that made it trivial to hijack customer accounts using only their phone number and ZIP code.
The long and short of this data leak is that its size and the customer information it includes all but guarantee that AT&T customers will experience a rash of attempted scams, phishing attempts and possibly SIM swap attacks. Impacted customers should have already been contacted (by letter or email) about resetting their PIN code, but they should also be on heightened alert for unusual communications.
Data leak mostly impacts AT&T customers from pre-2020
While about 7.6 million current AT&T customers are impacted by the data leak, the vast majority (65.4 million) are former customers from before the start of 2020.
Aside from the partial Social Security numbers, the most worrying item in the data leak is the account passcodes. These are PINs of at least four digits that are encrypted, but in a way that shouldn’t be a major problem for hackers to decipher. The passcodes serve as a secondary authentication method during web or app logins, and could possibly be used as primary identification when someone calls AT&T for help. That opens the possibility of SIM swap attacks, though hopefully all impacted accounts have had their password reset by AT&T already.
AT&T is downplaying the impact of the data leak, saying that it expects no material impact to its operations. Customers should treat it as a serious issue, however, given that their prior passcodes and personal information are now available via the “clearweb” for any interested parties to retrieve.