A threat actor has republished data from a 2021 AT&T breach, this time linking Social
Security numbers and birth dates directly to individual users. The recompiled leak combines previously separate files into a more damaging format.
AT&T confirmed that they are investigating the release but believe it stems from the 2021 incident, not a new breach. According to the company, it is common for cybercriminals to repackage old data for financial gain.
The data first appeared on a Russian-speaking hacking forum, where a user claimed it was from the 2024 Snowflake breach that exposed call logs for 109 million customers. However, analysis confirms the dataset matches information stolen by the threat actor ShinyHunters during the 2021 AT&T breach. That data was initially offered for sale for $200,000.
In March 2024, a separate threat actor leaked the full dataset online for free, saying it came from the ShinyHunters breach. The original leak included encrypted Social Security numbers and dates of birth, along with names, addresses, and mobile numbers. Some files even contained mappings of the encrypted data to their decrypted counterparts.
AT&T initially denied the data belonged to them, but later acknowledged the breach, which affected 73 million customers.
The newly repackaged version of the leak includes cleaned-up records with decrypted personal details and without internal AT&T data. The complete file has 88,320,017 lines, reduced to 86,017,088 unique entries after removing duplicates. Further analysis found 48,896,044 unique phone numbers tied to individual customers, with many users appearing multiple times due to address changes.
This is not a new breach, nor is it related to the Snowflake incident, but rather a more damaging republishing of the 2021 data theft.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
