Η AT&T notify 51 million former and current customers of on data breach, which led to the disclosure of their personal data on hacking forums. However, the company has not provided details on how the data was obtained.
These alerts relate to the recent leak of a huge amount of AT&T customer data, originally offered for sale, for $1 million, in 2021.
When the group ShinyHunters first leaked AT&T data in 2021, the company had said that the Data they did not own them and that their systems had not been compromised. Last month, another threat actor known as "MajorNelson" leaked the same data set to a hacking forum and AT&T again said the data did not come from them.
See also: USA: Investigating allegations of leaks of government documents
However, external analysts confirmed that much of the data that had been exposed included customer data and passwords. The company eventually admitted that the data belonged to it. And while the data breach contained information about more than 70 million people, AT&T says now that it affected a total of 51.226.382 customers.
“The information exposed varied by individual and account, but may have included full name, email address, postal address, telephone number, social security number, date of birth, number of account AT&T and AT&T password", the notice said.
“As far as we know, the personal financial data and call history were not affected. Based on our research to date, the data appears to be from June 2019 or earlier“.
AT&T reportedly told BleepingComputer that this large difference in the number of affected users due to the fact that some customers had multiple accounts, which were leaked in this data breach. Therefore, the final number of users affected is smaller.
As we said, the company has not disclosed how the stolen data. In addition, he allegedly told the Maine Attorney General's Office that he learned of the violation on March 26, 2024. However, initially, the information was exposed in 2021.
See also: 61% of Data Leaks in 2023 were associated with Malware
Following the disclosure of the data breach, AT&T is offering customers theft protection services ID card and credit monitoring services, for one year, through Experian.
Affected people need to be vigilant, to be alert, to monitor their accounts for suspicious activity and be cautious with emails, messages and phone numbers they may receive.
Data breaches and delayed response have led to multiple class action lawsuits against AT&T. The data was stolen in 2021, when cybercriminals had ample opportunity to exploit it and carry out targeted attacks. However, the whole data was leaked again, increasing the risk for customers.
The first and most immediate risk for users is the violation of their privacy. Their personal data, such as their name, address, telephone number or email address, have been leaked and may be used for illegal purposes.
See also: OWASP reveals that it suffered a data leak
Secondly, there is the risk of identity theft. This means that attackers can use their personal data to create fake profiles or pretend to be them, which can lead to further fraud.
Finally, the AT&T data breach may increase the risk of phishing attack. Attackers can use the data they have obtained to send personalised Messages, trying to gain access to further information, such as passwords or credit card information.
Source : www.bleepingcomputer.com
