Days after a database of T-Mobile customers was posted on the Darknet for sale, the same threat actor, ShinyHunters, has posted a database that they claim is from AT&T. It is unconfirmed at this time whether the data is legitimate and according to a spokesperson at AT&T, they claim it is either inauthentic or sourced from third parties. The sample data includes full names, Social Security Numbers (SSN), email addresses, and dates of birth. AT&T suffered a data breach in 2015 that was the result of an insider, and coincidently, the threat actor posted online looking to recruit an employee of AT&T and T-Mobile. It is unclear if those recruitment efforts were successful. T-Mobile has since identified the point of intrusion from the threat actor and closed it off. The database that the threat actor claims is from AT&T is being sold for $200,000.
The data included in either of these breaches will most likely be used for social engineering attacks and identity theft. Regardless of whether the information was sourced from AT&T or a third party, customers are advised to be vigilant when it comes to monitoring their credit reports since Social Security Numbers may have been compromised. Any suspicious activity should be reported to the proper authorities, following the advice on the website: www.IdentityTheft.gov. Employees should be trained on how to spot phishing emails that may target them, including those that are exploiting the data that was included in this breach.