Days after a database of T-Mobile customers was posted for sale on the Darknet, the same threat actor, ShinyHunters, has posted a database that they claim is from AT&T. It is unconfirmed at this time whether the data is legitimate; an AT&T spokesperson claims it is either inauthentic or sourced from third parties. The sample data includes full names, Social Security Numbers (SSNs), email addresses, and dates of birth. AT&T suffered a data breach in 2015 that was the result of an insider, and, coincidentally, the threat actor posted online looking to recruit an employee of AT&T and T-Mobile. It is unclear whether those recruitment efforts were successful. T-Mobile has since identified the threat actor's point of intrusion and closed it off. The database that the threat actor claims is from AT&T is being sold for $200,000.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased