In a trend that absolutely no one wants to get behind, another older data leak has been paired with additional customer information to get re-released as a new data leak to expose even more customer info and personal details.
As reported by BleepingComputer, an old 2021 AT&T data leak which contained millions of phone numbers has been linked with Social Security numbers and birth dates of the individual users.
The company has stated that cybercriminals will commonly repackage previously disclosed data for financial aim, which is what they believe is happening here, and that when they learned of the data going up for sale on the dark web they began a full investigation.
While the threat actor who leaked the data onto a popular Russian-speaking hacking forum claimed it was the data stolen during the 2024 AT&T ‘Snowflake’ cyberattack, which is what was initially reported by HackRead. However, after BleepingComputer analyzed the exposed information, the news outlet determined it was actually from the 2021 data leak which was caused by a hacker dubbed ‘ShinyHunters.’
This is not the first time the 2021 ShinyHunters data has been leaked or even linked to additional personal information. For instance last year, the data was leaked along with names, addresses, mobile phone numbers, encrypted date of birth, encrypted Social Security numbers and more. This leak has cleaned up that data to remove internal AT&T information and added the unencrypted Social Security numbers and dates of birth to each customer record.
There are reportedly over 86 million unique records of this nature, with more than 48 million unique phone numbers that have associated customer information. This is due to customers having multiple records with the same phone number being used at different addresses.
How to check on your data and what to do next
Not sure if you were one of the customers affected by these breaches? At this point, if you're an AT&T customer, you should be taking steps to see if you've been affected and then to lock down your own data in order to keep yourself safe.
As with all data breaches, the biggest threat will be phishing attacks and online fraud. Now that hackers can easily figure out your identity, they might try to reach out to you posing as AT&T. That means you'll need to be extra careful when checking your inbox and messages.
Avoid clicking on links or downloading attachments from unknown senders as hackers often set up fake pages to steal your credentials, credit card data and other sensitive info. For this reason, you want to go directly to AT&T’s page instead of clicking on any links on search results, social media or even ads that claim to take you to it.
If you haven't signed up for one of the best identity theft protection services, now might be a good time to look into them. You can also consider putting fraud alerts on your files with the Big Three credit-reporting agencies Equifax, Experian and TransUnion, and even instituting a credit freeze (although doing so can complicate getting a loan or opening new payment accounts).
This 2021 data leak seems to be the gift that keeps on giving for hackers, so I wouldn't be surprised if this stolen info is used in future attacks. Don't worry though as we'll be keeping a close eye on this one.
More from Tom's Guide
- More than 4 billion user records exposed in biggest data leak ever — everything you need to know
- Meta called out for tracking Android users across the web without their consent — what you need to know
- Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
