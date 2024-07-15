Summary Hackers demanded over $370,000 in ransom from AT&T to delete stolen data and provide proof.

Blockchain records show the equivalent value in cryptocurrency (5.7 bitcoin) changed hands, though AT&T hasn't publicly verified that it paid the hacker.

Stolen data from AT&T customers included phone numbers, prompting the company to advise changing passwords.

Hackers are beginning to find quick ways to make a lot of cash by stealing data from companies that can afford to pay their ransoms. Some of these businesses are mobile service providers, which collect an ample amount of data and monthly payments from thousands of customers. AT&T is one US carrier that has experienced a data breach in recent months, and a hacker now claims that it has been willing to pay ransoms.

Related What is ransomware? The malware that wants a Bitcoin

According to exclusive information obtained by Wired, a hacker has come forward with cryptocurrency receipts, showing alleged ransom payments from AT&T (via The Verge). The publication and an independent expert verified through blockchain tracking tools that the payment changed hands, with 5.72 bitcoin (equivalent to $373,646 at the time of the transaction) then being moved through a series of exchanges and wallets to launder the money.

The individual, who is a part of the ShinyHunters hacking group, says that the carrier paid the ransom in May. The timing of this transaction seems to indicate it came in response to the data breach that was made public last week, where millions of customers' call logs from May 2022 through October 2022 were stolen.

An SEC filing is revealing more details

As noted in a regulatory filing to the Securities and Exchange Commission, AT&T learned of a security breach involving millions of texting and call logs back in April. Originally, the ransom sent to the company was set at $1 million, but it managed to talk down the hacker to the hundreds of thousands supposedly paid in May. However, AT&T wasn't the only one impacted — Santander Bank and Ticketmaster also experienced data breaches.

In terms of the breach impacting AT&T customers, the mobile carrier has specified that the stolen data dates back to 2022. The hacking incident occurred in April of this year, and it extended to AT&T's MVNOs, including Cricket and Jolt Mobile. Although some content of the stolen logs, such as customer names, was not accessible to the hackers, phone numbers were compromised. Through other publicly available tools, these numbers could easily be linked to names.

AT&T has since suggested that customers change their passwords, as well as the passwords of any accounts that may use the same credentials. That being said, this is likely just a small measure of consolation to AT&T customers who may already be experiencing the impact of the breach.

Related Best T-Mobile plans in 2024 Get the 5G data you need without wasting cash on features you don't