3 years after a hacker initially teased a supposed huge theft of AT&T consumer information, a breach seller today discarded the complete dataset online. It consists of the individual info of some 73 million AT&T consumers.
A brand-new analysis of the completely dripped dataset– consisting of names, home addresses, telephone number, Social Security numbers, and dates of birth– indicate the information being genuine. Some AT&T consumers have actually verified their dripped client information is precise. AT&T still hasn’t stated how its consumers’ information spilled online.
The hacker, who initially declared in August 2021 to have actually taken countless AT&T clients’ information, just released a little sample of the dripped records at the time, making it challenging to validate its credibility.
AT&T, the biggest phone provider in the United States, stated back in 2021 that the dripped information “does not appear to have actually originated from our systems,” however it picked not to hypothesize regarding where the information had actually come from or whether it stood.
Troy Hunt, a security scientist and owner of information breach alert website Have I Been Pwned, just recently got a copy of the complete dripped dataset. Hunt concluded the dripped information was genuine by asking AT&T clients if their dripped records were precise.
In a post evaluating the information, Hunt stated that of the 73 million dripped records, the information consisted of 49 million special e-mail addresses, 44 million Social Security numbers, and client dates of birth.
When grabbed remark, AT&T representative Stephen Stokes informed TechCrunch in a declaration: “We have no indicators of a compromise of our systems. We figured out in 2021 that the info used on this online forum did not appear to have actually originated from our systems. This seems the exact same dataset that has actually been recycled numerous times on this online forum.”
The AT&T representative did not react to follow-up e-mails by TechCrunch asking if the supposed client information stood or where its clients’ information originated from.
As Hunt notes, the source of the breach stays undetermined. And it’s unclear if AT&T even understands where the information originated from. Hunt stated it’s possible that the information stemmed either from AT&T or “a third-party processor they utilize or from another entity completely that’s totally unassociated.”
What is clear is that even 3 years later on, we’re still no closer to resolving this secret breach, nor can AT&T state how its consumers’ information wound up online.
Examining information breaches and leakages requires time. By now AT&T needs to be able to offer a much better description as to why millions of its clients’ information is online for all to see.
TechCrunch’s Lorenzo Franceschi-Bicchierai contributed reporting.
