AT&T pays $370,000 ransom after massive data breach

15 Jul 2024

The hacker reportedly demanded $1m from AT&T initially, but eventually accepted a third of the sum.

AT&T paid a member of the ShinyHunters hacking group $370,000 to delete the data of millions of customers following a massive data breach last week.

First made aware of it in April, AT&T said that the breach exposed the calls and texts of nearly all its 110m cellular customers after ShinyHunters stole the company’s data from the cloud data giant Snowflake.

The breach also includes data from customers of mobile virtual network operators using AT&T’s wireless network and landline customers who interacted with the exposed cellular numbers between 1 May and 31 October 2022.

Now, Wired reports that the US telecoms giant paid a member of ShinyHunters around $370,000 to delete the data and provide a video demonstrating proof of its deletion. The group member directly told the outlet that AT&T paid the ransom in May and provided proof of the bitcoin transaction.

The payment was also confirmed by a security researcher who goes by the online name Reddington and who, according to the report, helped in the negotiation between the two parties. The hacker initially demanded $1m from AT&T but eventually accepted a third of the sum.

A company spokesperson told TechCrunch late last week that it would notify around 110m customers about the data breach.

“We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have taken steps to close off the illegal access point,” AT&T said in a statement.

“The data does not contain the content of calls or texts, personal information such as social security numbers, dates of birth or other personally identifiable information. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number.”

Various high-profile companies that use Snowflake’s services have been targeted in recent months by cyberattackers.

The victims of this campaign include Ticketmaster, which suffered a massive data breach that saw the data of 560m accounts go up for sale on the dark web. Snowflake previously investigated the wave of breaches with the support of cybersecurity companies – including Google-owned Mandiant. This investigation claimed that it notified “approximately 165 potentially exposed organisations” about the threat.

Vish Gain was a journalist with Silicon Republic
