In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor. AT&T also proceeded to reset customer account passcodes, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.
On the news:
Inside the Massive Alleged AT&T Data Breach
I hate having to use that word - "alleged" - because it's so inconclusive and I know it will leave people with many unanswered questions. (Edit: 12 days after publishing this blog post, it looks like the "alleged" caveat can be dropped, see the addition at the end of the
www.troyhunt.com
AT&T Addresses Recent Data Set Released on the Dark Web
AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web; source is still being assessed.
about.att.com
AT&T resets account passcodes after millions of customer records leak online | TechCrunch
A security researcher told TechCrunch that leaked AT&T customer data contained encrypted account passcodes that can be easily unscrambled.
techcrunch.com
Download:
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
