(Credit: WhataWin/Getty Images)
An archive that allegedly contains information on 73 million AT&T customers has leaked on the open internet — and at least some of the data appears to be legit.
On Sunday, a user posted the 5GB archive on a hacking forum, making it easy for scammers and cybercriminals to download the data dump, and then target any affected users.
“As I'm fond of saying, there's only one thing worse than your data appearing on the dark web: it's appearing on the clear web,” says Troy Hunt, a security researcher who’s been investigating the file dump.
The archive supposedly contains full names, addresses, and phone numbers to AT&T customers. In addition, a separate file in the archive holds the Social Security numbers and dates of birth to some of the affected customers.
This Tweet is currently unavailable. It might be loading or has been removed.
Hunt confirmed that some of the data is real by reaching out to users of his data breach notification service Have I Been Pwned who had their details exposed in the 5GB archive.
“The file with decrypted [Social Security numbers) has 43,989,217 lines,” Hunt wrote in a blog post. But in some good news, the number of exposed dates of birth is far smaller at 43,524.
This Tweet is currently unavailable. It might be loading or has been removed.
We don't know where the archive originated. But in 2021, a hacking group known as ShinyHunters was spotted auctioning off an archive containing data on 70 million AT&T customers.
At the time, ShinyHunters was asking for at least $200,000 for the data. It now looks like someone decided to make the archive available for free. But even though the data appears to be legit, AT&T told BleepingComputer that it “did not originate from them and that its systems were not breached.”
“It could be that it came from a third party processor [AT&T users] or from another entity altogether that's entirely unrelated,” Hunt speculated. In the meantime, he’s warning affected users through Have I Been Pwned, which is free for anyone who signs up. Readers can also check out our tips on how to protect yourself from a data breach.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
