Three years after a hacker first teased an alleged huge theft of AT&T buyer knowledge, a breach vendor this week dumped the complete dataset on-line. It comprises the non-public info of some 73 million AT&T clients.
A brand new evaluation of the totally leaked dataset — containing names, house addresses, telephone numbers, Social Safety numbers, and dates of delivery — factors to the info being genuine. Some AT&T clients have confirmed their leaked buyer knowledge is correct. However AT&T nonetheless hasn’t stated how its clients’ knowledge spilled on-line.
The hacker, who first claimed in August 2021 to have stolen hundreds of thousands of AT&T clients’ knowledge, solely printed a small pattern of the leaked data on the time, making it troublesome to confirm its authenticity.
AT&T, the most important telephone service in the USA, said back in 2021 that the leaked knowledge “does not appear to have come from our systems,” however it selected to not speculate as to the place the info had originated or whether or not it was legitimate.
Troy Hunt, a safety researcher and proprietor of data breach notification site Have I Been Pwned, lately obtained a replica of the complete leaked dataset. Hunt concluded the leaked knowledge was actual by asking AT&T clients if their leaked data have been correct.
In a blog post analyzing the data, Hunt stated that of the 73 million leaked data, the info contained 49 million distinctive e mail addresses, 44 million Social Safety numbers, in addition to buyer dates of delivery.
When reached for remark, AT&T spokesperson Stephen Stokes instructed TechCrunch in a press release: “We have no indications of a compromise of our systems. We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. This appears to be the same dataset that has been recycled several times on this forum.”
The AT&T spokesperson didn’t reply to observe up emails by TechCrunch asking if the alleged buyer knowledge was legitimate or the place its clients’ knowledge got here from.
As Hunt notes, the supply of the breach stays inconclusive. And it’s not clear if AT&T even is aware of the place the info got here from. Hunt stated it’s believable that the info originated both from AT&T or “a third-party processor they use or from another entity altogether that’s entirely unrelated.”
What is obvious is that even three years later, we’re nonetheless no nearer to fixing this thriller breach, nor can AT&T say how its clients’ knowledge ended up on-line.
Investigating knowledge breaches and leaks takes time. However by now AT&T ought to be capable of present a greater rationalization as to why hundreds of thousands of its clients’ knowledge is on-line for all to see.
TechCrunch’s Lorenzo Franceschi-Bicchierai contributed reporting.
