AT&T seems breached again, the hacker is selling access to 24 million users' data – are you one of those?

Is AT&T going to be sued and fined for neglecting its users' private data? Or is it going to settle to pay out compensations to numerous users again, like it recently did?

This could very well happen, if another AT&T breach occurs – and SOCRadar's Dark Web Team has come across a new listing on the dark web that advertises what is described as unauthorized access to AT&T's internal systems.

The individual (or individuals) behind the post claims to have maintained undetected, long-term access within the company's Tier 1 infrastructure by deploying a custom load that has remained active for over three weeks. The post further states that this access allegedly provides visibility into more than 24 million active customer accounts, with the ability to fully read, write, and sync data in real time.



A screenshot was shared as proof, and the access is being offered for sale at a price of $100,000, with payment only accepted in crypto.

The "currency" is not surprising, given that dark web marketplaces first gained traction with Silk Road in 2011, which accepted Bitcoin as payment and coincided with a major surge in the currency's value. Over time, Monero emerged as a secondary option, favored for its advanced privacy features like ring signatures that obscure transactions. These qualities have made cryptocurrencies a cornerstone of cybercrime for more than a decade.

AT&T definitely has experience with data breaches

In 2023, AT&T faced major data breaches that exposed information from tens of millions of customers, leading to a class-action lawsuit. The company agreed to settle for $177 million, a deal recently approved by US District Judge Ada Brown in Dallas, who described the outcome as fair and reasonable.

The breaches, disclosed in May and July, allowed access to call logs, texts, and personal details of current and former customers. Victims able to show financial losses tied directly to the incidents may receive up to $5,000, while others whose data was accessed will receive smaller payments. AT&T has denied responsibility, saying it agreed to settle only to avoid lengthy litigation. Payouts are expected in early 2026 once final approval is granted.


One of the breaches involved call and text data stored on the Snowflake cloud platform, while another surfaced in March 2024, tied to data released on the dark web affecting 7.6 million current and 65.4 million former customers. The FCC is also investigating why an expired AT&T cloud vendor retained and later exposed data from 8.9 million customers dating back to 2015–2017, information that should have been deleted years earlier. For that incident, AT&T agreed to pay a $13 million FCC fine.

Travel Easy with Nomad eSIM – 25% Off

25% off eSIM data-only plans & global coverage - enter code IPHONE25, sign up required

Check Out The Offer