Three years after a hacker first teased an alleged large theft of AT&T buyer information, the hack vendor this week dumped your complete information set on-line. It comprises private data for about 73 million AT&T clients.
A brand new evaluation of your complete leaked information set — which comprises names, residence addresses, telephone numbers, Social Safety numbers and dates of start — suggests the info is correct. Some AT&T clients have confirmed that their leaked buyer information is correct. However AT&T has not but mentioned how its clients’ information was leaked on-line.
The hacker, who first claimed in August 2021 to have stolen thousands and thousands of AT&T buyer information, solely printed a small pattern of the leaked logs on the time, making their authenticity troublesome to confirm.
AT&T, the biggest US telephone provider, mentioned in 2021 that the leaked information “doesn’t seem to have come from our methods,” however selected to not speculate on the supply of the info or whether or not it was legitimate.
Troy Hunt, a safety researcher and proprietor of the info breach notification website Have I Been Pwned, not too long ago obtained a duplicate of the complete leaked information set. Hunt concluded that the leaked information was actual by asking AT&T clients if their leaked logs had been correct.
In a weblog put up analyzing the info, Hunt mentioned that of the 73 million leaked information, the info comprises 49 million distinctive e mail addresses, 44 million Social Safety numbers, in addition to clients’ dates of start.
When reached for remark, AT&T spokesperson Stephen Stokes advised TechCrunch in an announcement: “We’ve got no indications of compromise in our methods. We’ve got decided in 2021 that the knowledge supplied on this on-line discussion board doesn’t seem to have come from our methods. This is similar information set that has been recycled a number of occasions on this discussion board.
An AT&T spokesperson didn’t reply to follow-up emails from TechCrunch asking whether or not the alleged buyer information was true or the place its clients’ information got here from.
As Hunt famous, the supply of the hack stays inconclusive. It’s not clear whether or not AT&T is aware of the place the info got here from. Hunt mentioned it is believable that the info might have originated both from AT&T, “a third-party processor they use, or another fully unrelated entity.”
What’s clear is that even three years later, we’re nonetheless removed from fixing this mysterious breach, and AT&T cannot decide how its clients’ information ended up on-line.
Investigating information breaches and leaks takes time. However now AT&T ought to have the ability to present a greater clarification for why thousands and thousands of its clients’ information is on the market on the Web for everybody to see.