AT&T
Image: Wikimedia Commons / Tdorante10 / CC BY-SA 4.0

AT&T confirms legitimacy of leak involving information of 73 million people

AT&T confirmed that a data set with the information of 73 million current and former customers is legitimate nearly two weeks after a hacker offered it on a dark web criminal marketplace.

In a news release during Easter weekend, the telecommunications giant said the data set appears to be from 2019 or earlier and impacts about 7.6 million current AT&T account holders and approximately 65.4 million former customers.

The data set includes Social Security numbers, names, email addresses, mailing addresses, phone numbers, dates of birth, AT&T account numbers and passcodes. The company said it is not sure whether the data is from AT&T systems or from a vendor and declined to speculate when pressed about it by Recorded Future News. 

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable,” the news release explained. 

“As of today, this incident has not had a material impact on AT&T’s operations.”

AT&T also published a document for the 7.6 million current AT&T customers that had information in the database. The company said it reset their passcodes and is contacting them individually. 

“We will reach out by mail or email to individuals with compromised sensitive personal information and offering complimentary identity theft and credit monitoring services,” AT&T said.

Recorded Future News contacted AT&T about the dark web posting two weeks ago, and a spokesperson said at the time that the company had “no indication” that AT&T systems were ever compromised. 

The spokesperson implied that the data set was similar to one offered for sale in 2021 by a hacker group known as ShinyHunters

“We determined in 2021 that the information offered on this online forum did not appear to have come from our systems. We believe and are working to confirm that the data set discussed today is the same dataset that has been recycled several times on this forum,” the spokesperson said two weeks ago. 

Several cybersecurity experts, including prominent data breach researcher Troy Hunt, have confirmed that the data in the leaked set is legitimate. 

In 2021, BleepingComputer reported that the data was being offered for up to $1 million, but the post from two weeks ago — made by a hacker operating as “MajorNelson” — offers the entire data for free. MajorNelson credited ShinyHunters for being the original owner of the data. 

A 22-year-old Frenchman was sentenced in January to three years in U.S. federal prison for his participation in the ShinyHunters group.

AT&T is the largest wireless provider based on subscriber figures in the U.S., far outpacing its rivals Verizon and T-Mobile. 

The recent incident is not the first data breach the company has faced in recent years. Almost exactly a year ago, AT&T confirmed that a breach exposed the sensitive information of about 9 million customers.

In 2022, AT&T disputed claims by prominent security researchers and cybersecurity firms that a database of stolen information from 23 million Americans was connected to the company. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.