The rumored dump of AT&T dark web customer data from mid-March has been confirmed. And it's tremendous. In total, more than 73 million current and former customers are in the cache, AT&T confirmed over the weekend.
The telecom giant said in a press release that the data posted on a cybercrime forum last month is genuine and contains information on 7.6 million current AT&T customers and 65.4 million former users. AT&T said initial investigation suggests the largest trove of stolen data dates back to 2019 or earlier.
“It is not yet clear whether the data in these areas comes from AT&T or its vendors,” the company said in a press release. “At this time, AT&T has no evidence that data sets were compromised due to unauthorized access to its systems.”
AT&T says on its support page for the incident that the information contained in the dump varies by customer, but may include name, email and mailing address, phone number, SSN, date of birth, and AT&T account number and passcode. The latter said there were four. – Numerical identification numbers that you always forget when contacting customer support.
AT&T is withholding judgment on the source of the data, but it appears to be in line with a trove of AT&T customer data that was put up for sale on the dark web in 2021.
In mid-2021, the ShinyHunters cybercrime organization claimed to have data belonging to approximately 70 million AT&T customers and was offering it for sale for the hefty sum of $1 million, according to RestorePrivacy, which viewed the dataset. . RestorePrivacy also spoke to members of ShinyHunters who said the data belonged to a US-based AT&T customer, but declined to say how they obtained it.
AT&T denied in 2021 that the data belonged to it, but it was not immediately clear whether both datasets were the same. That being said, there are many similarities, both in the amount of records included and the items included in the set.
AT&T claimed in March that the data set in question may be “the same data set that has been recycled over and over again” on the forum where it was uploaded, but it's unclear whether that's true. If it's a different set of actual customer records, it just opens up a whole different can of worms.
We've reached out to AT&T and will update this article if we hear back. ®