AT&T Reportedly Paid Small Fortune for Hacker to Delete Stolen Data

Written by Matt Milano

AT&T has reportedly paid hackers roughly $370,000 to ensure they deleted data involving “phone call and text message records of nearly all of AT&T cellular customers.”

AT&T revealed in mid-July that it had suffered a breach impacting the “phone call and text message records of nearly all of AT&T cellular customers” from May 1, 2022 to October 31, 2022, along with January 2, 2023. The company said call and text content was not compromised, nor were personal details, such as Social Security numbers and other personally identifiable information. Nonetheless, it’s a relatively easy matter to conduct a reverse lookup on the phone numbers in the data and see who AT&T customers are contacting.

According to Wired, negotiations between the hacker—part of the ShinyHunters group—and AT&T were facilitated by a security researcher going by the handle Reddington, no doubt a nod to Raymond Reddington from The Blacklist TV show. Reddington was paid a fee by AT&T for his assistance negotiating the deal that saw the hacker drop his demand from $1 million to $370,000.

In exchange for the payment, the hacker provided video proving he deleted the data in question. Wired reports that Reddington has brokered a number of deals for victims of the Snowflake account breaches. Based on that experience, Reddington believes the Ticketmaster breach occurred first, showing the hackers how to then go after AT&T.

“Analysis of the data samples [the hackers] provided from other victims indicated that the hack of Ticketmaster occurred first,” he told the outlet. “From there, it seems the actors figured out they could target ‘snowflakecomputing.com’ domains by looking for stolen credentials. It did not take them long to compile a list and write a script to hit all of the Snowflake victims simultaneously.”

While it certainly would have been better for the breach to have never occurred, AT&T is to be commended for being willing to do what was necessary to ensure the data’s destruction and keep it from falling into the hands of yet other bad actors.
