AT&T customer's birthdates, social security numbers show up online in plain text
Data from AT&T customers originally stolen last year has been repackaged and posted online recently.
AT&T subscribers need to be on alert. Back in 2024, 86 million records belonging to customers of the nation's third-largest carrier were supposedly stolen by the ShinyHunters group. The hackers were able to take advantage of major security flaws to access and steal the data. The database might have been repackaged and has turned up twice recently on a Russian cybercrime forum. It first appeared on May 15th of this year and showed up again on June 3rd, less than a week ago, and it has been spotted on other forums since then.
According to HackRead.com, the leaked data recently posted includes data points that by themselves could help expose AT&T customers. But putting the data all together can create customer account profiles that can be used for malicious purposes. The data can be used to help the hackers commit identity theft and take other fraudulent actions. In theory, the cyber crooks could use this data to request new SIM cards and perform a SIM swap.
AT&T customer records stolen in a 2024 data breach are recently posted online. | Image credit-HackRead.com
By putting a requested SIM card replacement into a burner phone, the hackers could take control of an AT&T customer's phone, change all of the passwords, and clean out the victim's financial accounts. The data breach covers tens of millions of AT&T customers. The data stolen in the attack and posted online includes:
- Full names
- Date of birth
- Phone numbers
- Email addresses
- Physical addresses
- 44 Million Social Security Numbers (SSN)
Even though the Date of Birth and Social Security numbers were originally encrypted, they are now in plain text. If you are an AT&T customer, your social security number might have leaked making this an extremely serious threat even if this repackaged data was stolen over a year ago.
Screenshot of stolen data belonging to AT&T customers. | Image credit-HackRead.co
AT&T responded to the news by releasing the following statement: "It is not uncommon for cybercriminals to repackage previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation."
The wireless provider added, "After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024. Affected customers were notified at that time. We have notified law enforcement of this latest development."
If you are an AT&T customer, it is likely that your data was already leaked last year. Still, to be safe, even if AT&T reset your passwords or passcodes last year, you might want to do it again. Set up fraud alerts and change your credentials for financial apps including those you use for banking, stock trading, and your crypto holdings.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: