AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.
From the samples shared by the threat actor, the database contains customers’ names, addresses, phone numbers, Social Security numbers, and date of birth.
A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on att.com.https://www.ad-sandbox.com/static/html/sandbox.html
Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.
However, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.
In many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.