There has been a claimed AT&T hack of personal data from 70 million customers, less than a week after a confirmed hack of tens of millions of T-Mobile customer records. In both cases, the data includes social security numbers.

Update: The carrier denied in stronger terms that it was hacked.

Restore Privacy broke the news.

A well-known threat actor is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, dates of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report.

In the original post that we discovered on a hacker forum, the user posted a small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits. 

While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid. Here is the data that is available in this leak:

  • Name

  • Phone number

  • Physical address

  • Email address

  • Social security number

  • Date of birth

Even more worryingly, the hacker is working on decrypting data that he believes comprises user accounts’ PINs.

The site’s Sven Taylor tells me that the sample records he reviewed are too few to say for certain that the source was AT&T, but the hacker concerned has been proven correct about “many major leaks and breaches,” making him a credible source.

AT&T has issued a single-sentence statement that falls well short of a categorical denial:

Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.

Update the Carrier included a more complete rebuttal:

“Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems.”

So there was no breach of AT&T?

Based on our investigation, no, we don’t believe this was a breach of AT&T systems.

Is this AT&T customer data? Where did it come from?

Given this information did not come from us, we can’t speculate on where it came from or whether it is valid.

The hacker has said he is willing to reach “an agreement” with AT&T to remove the data from sale.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear