After weeks of denial, AT&T has confirmed a data breach affecting 73 million of its current and former customers, marking a significant turn in the ongoing saga of leaked customer data. The telecommunications giant had steadfastly denied allegations that a massive data leak originated from their systems, despite mounting evidence and reports from concerned customers and cybersecurity experts.
The breach, now acknowledged by AT&T, includes sensitive personal information such as names, addresses, phone numbers, and for some, social security numbers and birth dates. This confirmation comes after a prolonged period of denial from AT&T, which initially disputed claims in 2021 when the threat group Shiny Hunters first announced they were selling data purportedly belonging to AT&T customers.
In a statement to BleepingComputer, AT&T conceded that the leaked dataset, which appears to date back to 2019 or earlier, impacts approximately 7.6 million current account holders and 65.4 million former account holders. The company also revealed that security passcodes for 7.6 million customers were compromised and have since been reset.
This breach disclosure follows a recent leak on a hacking forum, where a different threat actor claimed to be distributing the same dataset initially attributed to Shiny Hunters. Investigations by BleepingComputer and the data breach notification service Have I Been Pwned confirmed the data’s authenticity and its origins from AT&T or DirectTV, based on unique customer information used exclusively for AT&T accounts.
The revelation has prompted AT&T to issue a public statement and launch a new page on keeping AT&T accounts secure, outlining the steps it is taking to address the breach. The company is reaching out to all impacted customers to notify them of the breach and advise them on next steps, including checking with Have I Been Pwned to see if their data was compromised.
This incident raises serious questions about data security practices at major corporations and the transparency of their responses to potential data breaches. It underscores the importance of robust cybersecurity measures and the need for companies to promptly and transparently address data security concerns raised by customers and cybersecurity professionals.
As the fallout from this breach continues to unfold, AT&T customers are advised to remain vigilant, monitor their accounts for any suspicious activity, and follow the company’s guidance to secure their personal information.
Marcus is a cybersecurity analyst with a focus on VPN and proxy services. As the founder and driving force behind a prominent VPN and proxy website, Private Proxy Guide, Marcus has emerged as a trusted authority in the digital realm. With a passion for staying ahead of evolving cyber threats, he has played a pivotal role in educating and empowering individuals and businesses to safeguard their online presence.
