AT&T paid over $300,000 to ShinyHunters, a ransomware operator group that stole “nearly all” customer records and other data from the servers, to ensure the stolen data was deleted. The ransom payment was confirmed by both blockchain analysis and cybersecurity experts, highlighting the intricate and ongoing battle between corporations and cyber criminals.
The hacker initially demanded $1 million but settled for approximately $373,646 paid in Bitcoin, reports Wired. This negotiation was facilitated by a security researcher known only as Reddington, who served as an intermediary.
Reddington confirmed the payment and shared a video with AT&T demonstrating the deletion of the data. Despite this assurance, it remains uncertain how widely the data had already been disseminated.
AT&T became aware of the breach in April through Reddington, who was contacted by another hacker claiming to possess his call logs. Upon verification, it was revealed that millions of AT&T customers’ call and texting logs had been compromised. The stolen data spans several months and includes call metadata but not the content of calls or personal identifiers. However, the potential for misuse remains significant, given the hackers’ ability to perform reverse lookups to identify individuals.
This incident is part of a larger pattern of breaches involving over 150 companies, including notable names like Ticketmaster, Santander, and LendingTree. These breaches were facilitated by a lack of multi-factor authentication on Snowflake accounts, allowing hackers to access and siphon off data once they obtained credentials.
The AT&T breach was a potential national security concern for the United States, and hence the company was granted a delay in public disclosure by the Department of Justice. The FBI also got involved in the investigation to assess the severity of the stolen data.
The hacker responsible for receiving the ransom payment implicated John Erin Binns, a hacker currently facing charges for a separate breach involving T-Mobile. Binns’ history includes erratic behaviour and accusations of being targeted by government conspiracies, adding a layer of complexity to the case. His alleged involvement in the AT&T breach occurred while he was under indictment for the T-Mobile hack.
On July 12, 2024, a breach in the mSpy software exposed the data of nearly two million customers.