A hacker known for other data breaches is selling a database allegedly containing gigabytes of AT&T customer information, including social security numbers, and is asking for $1 million to take it down.
The hacker, known as ShinyHunters, posted an example list of names, addresses, and social security numbers verified to be accurate and offers the rest for sale to hackers. AT&T has denied that the posted information came from its systems.
The report from Restore Privacy says that AT&T's response is surprising given the nature of the post and the hackers history. The hacker says they are willing to work with AT&T if the company makes contact for arrangement.
The information allegedly taken from AT&T came with three encrypted strings of data: birth dates, social security numbers, and possibly account pins. The hack also includes account holder's names, phone numbers, addresses, and email addresses.
If what the hacker says is true, then there are 70 million customers at risk of identity theft and fraud. While ShinyHunters wants AT&T to pay up, they are also selling access to the database at $200,000 a pop to other hackers seeking such data.
Customer information is a hot commodity in the hacking community due to the wide variety of fraud that can be committed with little effort, and synergies that can be gained by combining leaks. For example, only two days before this report, T-Mobile was reportedly hit with a server attack exposing 47.8 million people's data.