49M AT&T Users Exposed in Repackaged Data Leak
▼ Summary
– A threat actor re-released 2021 AT&T breach data, now linking Social Security numbers and birth dates to individual users.
– AT&T is investigating but believes the data is repackaged from the known 2021 breach, not a new leak.
– The data was posted on a Russian hacking forum, falsely claimed to be from the 2024 Snowflake breach.
– The leak contains 86 million unique records, with 48.9 million unique phone numbers tied to customer details.
– This is a cleaned-up version of the 2021 breach data, not new or from the Snowflake attack.
Millions of AT&T customers face renewed privacy risks as hackers repackage stolen data from a 2021 breach, now directly exposing sensitive personal details. A cybercriminal has re-released information originally compromised three years ago, this time merging previously separate files to explicitly connect Social Security numbers and birth dates with individual user profiles.
AT&T confirmed awareness of the situation, stating they are actively investigating the claims while noting the data appears to originate from the earlier incident. “Cybercriminals frequently repurpose old breaches for profit,” a company representative explained. “We’re reviewing reports of this data resurfacing on dark web marketplaces.”
The resurfaced records first appeared on a Russian-language hacking forum, where the poster falsely attributed the leak to AT&T’s 2024 Snowflake incident—a separate breach exposing call logs. The threat actor claimed to have “cleaned” the data by removing placeholder values and decrypting critical fields. However, cybersecurity analysts identified the files as matching the 2021 ShinyHunters breach, where hackers initially demanded $200,000 for the stolen information.
When the same data was leaked freely in March 2024, it contained encrypted fields alongside separate files mapping those values to plaintext. AT&T initially disputed ownership before acknowledging the breach impacted 73 million customers. The latest iteration eliminates internal company data while pairing decrypted SSNs and birth dates with customer records—escalating risks of identity theft and fraud.
The dataset contains over 88 million lines, though deduplication reduces this to approximately 86 million unique entries. Further analysis reveals 48.9 million distinct phone numbers tied to personal details, with duplicates stemming from customers using the same number across multiple addresses.
Key takeaways for affected users:
- This is not a new breach but a refined version of the 2021 incident.
- Exposed data now directly links identifiers like SSNs to individuals, unlike earlier encrypted formats.
- Monitoring credit reports and enabling fraud alerts remains critical for mitigation.
While AT&T reiterates the information isn’t newly compromised, the repackaging underscores how historical breaches can resurface with heightened consequences. Customers are urged to remain vigilant against phishing attempts and unauthorized account activity.
Image: Screenshot of forum post advertising the leaked AT&T data.
(Source: BLEEPINGCOMPUTER)
