AT&T Denying Data Breach After Hacker Auctions Data

-

 A well-known hacker, ShinyHunters, listed a database containing personal information on 70 million AT&T customers on a popular criminal forum yesterday. The starting price of this data is $200,000 USD with incremental offers at $30,000 USD but ShinyHunters stated that he/she would sell the data immediately for $1 million. 

 

From the samples shared by Shiny, it seems the database contains information like names, addresses, phone numbers, SSNs and birth dates. An anonymous researcher told reporters that two of the four people in the samples had confirmed att.com accounts. Not much else is known about how this information was obtained as AT&T stands firmly behind their assertion that they had not come from them. 




ShinyHunters, however, is a well-known and accomplished hacker with a history of compromising web pages and developer repositories with the goal of harvesting credentials and API keys. Shiny uses this information to then steal databases and sells those to other threat actors. If the data doesn’t sell after some time, ShinyHunters may release it for free on hacker forums as he/she has done in the past. Previously, Shiny breached companies like Wattpad, Tokopedia, GitHub, BigBasket, Nitro PDF, Pixlr, TeeSpring, Mathway and more. 




AT&T doesn’t seem to believe, or doesn’t want to admit, that the stolen information came from their systems. When asked by reporters, AT&T claimed that “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems”. Furthermore, when asked if the information could have originated from a third-party, AT&T did not want to speculate. "Given this information did not come from us, we can't speculate on where it came from or whether it is valid" AT&T continued. 




ShinyHunters stated he/she was not surprised and didn’t care, anyways, as he’s still selling the information whether AT&T admits a breach or not. Shiny claimed to not have contacted AT&T but is open to “negotiation”. It’s hard to doubt Shiny as selling fakes is not his modus operandi and AT&T’s investigations could very well be insufficiently operated, for all we know. 




This news will be followed closely and updated accordingly. Following the massive T-Mobile breach, AT&T could also be facing a large leak of customer data. 




Relevant articles:


https://www.hackread.com/att-breach-shinyhunters-database-selling-70-million-ssn/


https://intel471.com/blog/shinyhunters-data-breach-mitre-attack

Comments

Post a Comment

Popular posts from this blog

-
Image
ESET's APT Activity Report Q4 2023-Q1 2024 summarizes observations of various advanced persistent threat (APT) groups documented by ESET researchers between October 2023 and March 2024. Their observations highlight the broader threat landscape investigated during this period of time and details trends, developments and tooling used by these threat actors. The public report proclaims to contain a fraction of what private ESET customers receive. China Chinese-aligned cyber espionage groups have traditionally targeted public facing applications for obtaining initial access on a target network. In many campaigns investigated by ESET and others, the groups leveraged one-day vulnerabilities against a range of appliances and software including VPNs, firewalls, Confluence, Exchange, and others. See ESETs report linked below for their detailed analysis on Chinese threat activity.  Middle East According to ESET's research, a potentially Iranian-aligned threat group BladedFeline continued...
Read more

Russian GRU Unit 29155 recent operations

-
Image
Background Russian GRU military intelligence Unit 29155 (aka Cadet Blizzard, Ember Bear, FrozenVista, UNC2589) is a covert subunit of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), primarily tasked with conducting high-stakes and clandestine operations abroad. Established under the GRU, Unit 29155 gained public attention due to its involvement in activities that align with Russia's asymmetric warfare objectives, particularly in Europe, Ukraine, and NATO-affiliated regions. Unit 29155 operates in several domains, from traditional espionage and sabotage to cyber operations. Figure 1 WANTED: GRU Unit 29155 [1] Unit 29155 has significantly intensified operations since 2020, pivoting from covert actions in Europe toward a greater emphasis on cyber operations with a focus on undermining Ukraine and NATO allies through espionage, data manipulation, and sabotage. Primary TTPs Espionage and Data Theft Unit 29155 conducts extensive espionage ca...
Read more
-
Image
Microsoft recently released their findings after a lengthy investigation into activity conducted by the Russian state-sponsored APT28 group using a unique tool for privilege escalation and credential harvesting on victim networks. Microsoft refers to the custom tool as GooseEgg and claim that the group has been observed leveraging this tool since at least June 2020. GooseEgg The custom toolset leverages CVE-2023-38208 in the Windows Print Spooler service which changes a JavaScript constraints file and executes it with SYSTEM permissions. Based on their findings, Microsoft believes GooseEgg is deployed after initial access to elevate access to targeted systems with the end goal of harvesting credentials and data. Unsurprisingly, targeting includes Ukrainian, Western European and North American entities across several sectors including government, non-government, education and transportation. After initial access of victim device, researchers observed APT28 deploying GooseEgg to escalate...
Read more