Wesley Hilliard
A hacker known for other data breaches is selling a database allegedly containing gigabytes of AT&T customer information, including social security numbers, and is asking for $1 million to take it down.
The hacker, known as ShinyHunters, posted an example list of names, addresses, and social security numbers verified to be accurate and offers the rest for sale to hackers. AT&T has denied that the posted information came from its systems.
The report from Restore Privacy says that AT&T's response is surprising given the nature of the post and the hackers history. The hacker says they are willing to work with AT&T if the company makes contact for arrangement.
The information allegedly taken from AT&T came with three encrypted strings of data: birth dates, social security numbers, and possibly account pins. The hack also includes account holder's names, phone numbers, addresses, and email addresses.
If what the hacker says is true, then there are 70 million customers at risk of identity theft and fraud. While ShinyHunters wants AT&T to pay up, they are also selling access to the database at $200,000 a pop to other hackers seeking such data.
Customer information is a hot commodity in the hacking community due to the wide variety of fraud that can be committed with little effort, and synergies that can be gained by combining leaks. For example, only two days before this report, T-Mobile was reportedly hit with a server attack exposing 47.8 million people's data.
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
Malcolm Owen
13 Comments
How are individual users impacted by shit like this when they are on a family plan (ie: dad pays the bill for four family members who have their own phones on his plan)? Is it a guarantee of the same vulnerabilities? Does each user have their SSN associated with their phones, or is that just the account holder whose SSN is stored?
First T-Mobile, now AT&T. What I don’t understand is why the government (NSA, CIA, TSA, Homeland Security, whatever) isn’t shutting down these hacker’s websites. It’s turning out that the internet is a massive failure, that’s its open architecture is a threat to society, that no one is safe while using it, that it’s dangerous to use. It used to be that a robber had to stick a gun in your ribs to get your money. No longer. Thieves these days simply use the internet to relieve you of your life's savings, easy peasy.
Why are corporations like these two, who are supposedly titans of tech, so vulnerable to hackers? Are their systems just leaky sieves? Is the server industry so incompetent they can’t produce secure hardware and software?
The current ragging on Apple over its CSAM intentions pale in comparison to all the customer data for sale on the dark web. Forget the government, the hackers have already created a surveillance infrastructure that not even China can match. I’m not kidding.
The hacker has limited intelligence if they think AT&T will pony up millions