AT&T has denied reports that it has suffered a data breach, barely a day after a notorious threat actor claimed to be selling a database from the company containing personal data from as many as 70 million customers. The threat actor in question is ShinyHunters, who is well known for having orchestrated many other data breaches at tech biggies, as well as websites and repositories. The hacker revealed that the data was on sale on a hacking forum, with a starting price of $200,000 and increments of $30,000. The database will be sold immediately should any buyer offer a price of $1 million.
ShinyHunters has also shared some samples from the data, which suggest that the stolen information contains users’ addresses, Social Security numbers, phone numbers, and dates of birth, in addition to their names. Of the people in these samples, at least four have been confirmed to have an account at att.com. However, it is not known for sure whether the data is authentic, or how it was stolen.
A Well Known Hacker
Nevertheless, ShinyHunters is known for having a rather interesting approach to stealing databases. They apparently steal API keys and other credentials by compromising developer repositories and websites. These credentials are then used to steal databases, which are sold off to other threat actors and data breach sellers. However, if the hacker fails to find any buyers for the stolen data, they end up releasing it for free on hacking forums.
However, AT&T continues to claim that it has not suffered any data breach recently, adding that the stolen data does not belong to its databases. The company has also not said whether the data could have come from a third-party partner, stating that it cannot speculate on that possibility or determine the validity of the data.
Don’t Care But Willing To Negotiate
Meanwhile, ShinyHunters remains adamant that the data indeed comes from AT&T itself. The hacker apparently doesn’t “care if they don’t admit,” and is just interested in selling the database to an interested buyer. At the same time, they say that they are “willing to negotiate” with the company, even though they haven’t as yet reached out to them. However, they have refused to provide any further details about the database or about the breach itself.
Source: Bleeping Computer