A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report.
Update: AT&T has initially denied the breach in a statement to RestorePrivacy. The hacker has responded by saying, “they will keep denying until I leak everything.”
Hot on the heels of a massive data breach with T-Mobile earlier this week, AT&T now appears to be in the spotlight. A well-known threat actor in the underground hacking scene is claiming to have private data from 70 million AT&T customers. The threat actor goes by the name of ShinyHunters and was also behind other previous exploits that affected Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more.
The hacker posted the leak on an underground hacking forum earlier today, along with a sample of the data that we analyzed. The original post is below:
This is the original post offering the data for sale on a hacking forum.
We examined the data for this report and also reached out to the hacker who posted it for sale.
70 million AT&T customers could be at risk
In the original post that we discovered on a hacker forum, the user posted a relatively small sample of the data. We examined the sample and it appears to be authentic based on available public records. Additionally, the user who posted it has a history of major data breaches and exploits, as we’ll examine more below.
While we cannot yet confirm the data is from AT&T customers, everything we examined appears to be valid. Here is the data that is available in this leak:
Name
Phone number
Physical address
Email address
Social security number
Date of birth
Below is a screenshot from the sample of data available:
A selection of AT&T user data that is for sale.
In addition to the data above, the hacker has also accessed encrypted data from customers that includes social security numbers and dates of birth. Here is a sample that we examined:
The data is currently being offered for $1 million USD for a direct sell (or flash sell) and $200,000 for access that is given to others. Assuming it is legit, this would be a very valuable breach as other threat actors can likely purchase and use the information for exploiting AT&T customers for financial gain.
The problem with harvesting reams of sensitive data is that it presents a very tempting target for malicious hackers, enemy governments, and other wrongdoers. That hasn’t prevented anyone from collecting and storing all of this data, secure only in the knowledge this security will ultimately be breached.
The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official and three former U.S. military personnel, all of whom worried that sensitive data they contain could be used by the Taliban. HIIDE devices contain identifying biometric data such as iris scans and fingerprints, as well as biographical information, and are used to access large centralized databases. It’s unclear how much of the U.S. military’s biometric database on the Afghan population has been compromised.
At first, it might seem that this will only allow the Taliban to high-five each other for making the US government’s shit list. But it wasn’t just used to track terrorists. It was used to track allies.
While billed by the U.S. military as a means of tracking terrorists and other insurgents, biometric data on Afghans who assisted the U.S. was also widely collected and used in identification cards, sources said.
Epic Games’ objections to Google’s business practices became clearer on Thursday with the release of previously redacted accusations in the gaming giant’s lawsuit against the internet goliath.
Those accusations included details of a Google-run operation dubbed Project Hug that aimed to sling hundreds of millions of dollars at developers to get them to remain within Google Play; and a so-called Premiere Device Program that gave device makers extra cash if they ensured users could only get their apps from the Play store, locking out third-party marketplaces and incentivizing manufacturers not to create their own software souks.
[…]
As part of the litigation, Epic made some accusations under seal last month [PDF] because Google’s attorneys designated the allegations confidential, based on Google’s habit of keeping business arrangements secret.
But on Wednesday, Judge James Donato issued an order disagreeing with Google’s rationale and directing the redacted material to be made public.
“Google did not demonstrate how the unredacted complaints might cause it commercial harm, and permitting sealing on the basis of a party’s internal practices would leave the fox guarding the hen house,” the judge wrote [PDF].
The unredacted details, highlighted in a separate redlined filing [PDF] and incorporated into an amended complaint filed on Friday [PDF], suggest Google has gone to great lengths to discourage competing app stores and to keep developers from making waves.
For example, the documents explain how Google employs revenue-sharing and licensing agreements with Android partners (OEMs) to maintain Google Play as the dominant app store. One filing describes “Anti-Fragmentation Agreements” that prevent partners from modifying the Android operating system to offer app downloads in a way that competes with Google Play.
“Google’s documents show that it pushes OEMs into making Google Play the exclusive app store on the OEMs’ devices through a series of coercive carrots and sticks, including by offering significant financial incentives to those that do so, and withholding those benefits from those that do not,” the redlined complaint says.
These agreements allegedly included the Premiere Device Program, launched in 2019, to give OEMs financial incentives like 4 per cent, or more, of Google Search revenues and 3-6 per cent of Google Play spending on their devices in return for ensuring Google exclusivity and the lack of apps with APK install rights.
[…]
Google’s highest level execs, it’s claimed, suggested giving Epic Games a deal “worth up to $208m (incremental cost to Google of $147m) over three years” to keep the game maker compliant. And if Epic did not accept, the court filing alleges, “a senior Google executive proposed that Google ‘consider approaching Tencent,’ a company that owns a minority stake in Epic, ‘to either (a) buy Epic shares from Tencent to get more control over Epic,’ or ‘(b) join up with Tencent to buy 100 per cent of Epic.'”
The filing contends that in 2019 Google’s internal estimate was that the company could lose between $1.1bn and $6bn by 2022 if Android app stores operated by Amazon and Samsung gain traction. The Epic Games Store, it’s said, could have cost Google $350m during that period.
And this kind of nasty pressure is how monopolies strongarm their dominance.
Court documents reveal that LG, Motorola, and HMD Global, which makes Nokia phones, are part of the Premier Device Program. Premier devices are effectively mandated to make Google’s services the “defaults for all key functions” for up to 90% of the manufacturer’s Android phones. This includes blocking apps with the ability to install APKs on the device, except for the app stores designed for and managed by the respective original equipment manufacturers (OEMs). In turn, Google promised a higher cut of search revenue earned on the device, raising the rate from 8% to 12%, which is not an insignificant increase. In some instances, Google also agreed to share up to 6% of the “Play spend” revenue from the Play Store, essentially how much money that phone made for Google based on the user’s interactions.
In addition to the other brands mentioned above, Xiaomi, Sony, Sharp, and BBK Electronics, which owns OnePlus, and overseas brands like Oppo and Vivo, were all involved in the program in varying capacities. Google even had contracts with carriers to dissuade them from launching app stores that would compete with Android’s app marketplace—explicitly demonstrating deep pockets prevent competition and innovation.
Distributed Denial of Secrets is a journalist 501(c)(3) non-profit devoted to enabling the free transmission of data in the public interest.
We aim to avoid political, corporate or personal leanings, to act as a beacon of available information. As a transparency collective, we don’t support any cause, idea or message beyond ensuring that information is available to those who need it most—the people.