A hacker gang claims to be selling data on 70 million AT&T customers, including individual call records and account PIN codes. The alleged AT&T data was posted for sale on the dark web last week by an entity known as “Gnosticplayers.” An advertisement for the stolen data states that it comes in two parts—a smaller one with basic subscriber information such as customer names, addresses, e-mail addresses, account numbers, and payment information; and a bigger one that includes more detailed records of phone calls.
AT&T confirmed to Motherboard on Friday that the data is real. “We’re aware of the situation and we’ve notified law enforcement,” an AT&T spokesperson said in a brief statement.
The account PIN codes mentioned in the advertisement refer to those used for some corporate accounts, according to Motherboard’s anonymous sources. It’s not clear what these numbers would allow attackers to do with stolen corporate accounts, but it may go beyond just hijacking calls and messages: AT&T reportedly uses them as security tokens for other services such as email and VPN access.
AT&T has been notified of the hacked data and told Motherboard it’s working on a statement, which will be added once available. For now, anyone who thinks they might have an AT&T account should read this post by security expert Brian Krebs on how to protect themselves.
While data breaches are unfortunately common, the claimed 70 million AT&T records make it one of the biggest in recent years. Earlier this year, credit reporting agency Equifax admitted that hackers stole the personal details (including names and social security numbers) on 143 million US customers—almost half of all Americans. It later revised the number up to 145.5 million people.