AT&T Pays Hacker $370,000 to Delete Stolen Customer Data: What You Need to Know

AT&T, one of the largest telecommunications companies in the United States, recently made headlines when it was revealed that it paid a hacker over $370,000 to delete stolen customer data. This incident took an unusual turn when it was discovered that the ransom may not have gone to the actual perpetrators of the breach.

In April, AT&T experienced a data breach that exposed the call and text records of “nearly all” its customers. The compromised information included phone numbers and the number of calls made. In response to this breach, AT&T has strengthened its cybersecurity measures and is working with law enforcement to investigate the incident.

However, it appears that AT&T took additional actions in relation to the hack. Wired reports that the company paid a ransom of 5.7 bitcoin, worth over $370,000 at the time, to a member of the hacking group ShinyHunters in mid-May. In exchange for this payment, the hacker allegedly erased the stolen data from the cloud server where it was stored and provided video proof of its deletion.

While this payment may have provided some reassurance to AT&T and its customers, there is no guarantee that all the stolen data has been completely eliminated. Digital data can be easily copied, and there is a possibility that incomplete fragments of the stolen dataset are still at large.

The identity of the responsible party behind the AT&T hack remains uncertain. According to Wired, the individual who received the ransom pointed to a known hacker named John Binns, who was previously arrested in Turkey for his alleged involvement in the 2021 T-Mobile hack. Although Binns’ connection to the AT&T hack has not been officially confirmed, AT&T’s SEC filing stated that at least one individual involved had been apprehended. Additionally, Binns has been linked to the AT&T breach by 404 Media.

The hacker who received the ransom claimed that Binns distributed samples of the stolen data to other hackers. If Binns had not been arrested, these hackers would have likely attempted to extort a ransom from him instead of AT&T. After initially demanding $1 million, the hacker eventually accepted a lesser amount and had it transferred into their cryptocurrency wallet. They were able to access the cloud server where Binns stored the hacked data and deleted it from there.

Although questions remain about the direct involvement of the hacker who received the ransom in the AT&T breach, their group, ShinyHunters, has been responsible for several high-profile hacks recently. Earlier this year, ShinyHunters conducted a major hack on Ticketmaster, demanding an $8 million ransom. They claimed to have obtained data from around 440,000 ticket holders for Taylor Swift’s Eras Tour. While Ticketmaster’s parent company Live Nation denied offering any money to the hackers, ShinyHunters stated that they initially offered $1 million in ransom.

Both the Ticketmaster and AT&T breaches have been linked to a breach of the third-party cloud storage provider Snowflake, of which both companies were clients. However, it is worth noting that AT&T has faced data security challenges even without the involvement of Snowflake. In March, a separate leak exposed the data of approximately 73 million current and former AT&T customers, including sensitive information like Social Security numbers and encrypted passwords.

This series of events highlights the ongoing challenges faced by companies in protecting customer data from cyberattacks. It underscores the importance of robust cybersecurity measures and the need for constant vigilance to stay one step ahead of hackers. Customers must also remain cautious and take steps to protect their personal information, such as regularly updating passwords and being mindful of phishing attempts.