AT&T issues a warning to its 86 million customers after data was leaked on the dark web.
Cybercrimes have evolved far beyond the days of suspicious emails, phishing and dodgy downloads. These days, scammers can target you through something as innocent as scanning a QR code, plugging in a USB charging cable, or downloading bogus cryptocurrency apps from official stores.
But the latest cyber nightmare shows just how vulnerable our personal information really is despite being securely stored by major corporations.
Advert
A massive trove of personal data from more than 86 million AT&T customers has been leaked on the dark web, including decrypted Social Security numbers.
The stolen information was posted to a Russian cybercrime forum on 3 June, and it's comprehensive enough to make you wary about your own data security and what happens when the basics get overlooked.
The files contain full names, birthdates, phone numbers, email addresses, home addresses, and a staggering 44 million Social Security numbers.
Advert
Furthermore, the breach has been reportedly linked to a large-scale cyberattack that exploited vulnerabilities in Snowflake, a US-based cloud storage platform that major companies rely on to manage sensitive data.
Hackers seemingly gained access to AT&T's data by infiltrating accounts that lacked multi-factor authentication. This simple yet essential security feature that's active on Facebook and Instagram requires more than just a password to log in to your accounts.
If you're an AT&T customer - current or former - you can check if your data was exposed by visiting the company's official website.
According to the case, the files are being repackaged into three cleanly formatted CSV files, making them incredibly easy to access and exploit on dark web cybercrime forums.
Advert
"After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web," a spokesperson for AT&T said in a statement. "Affected customers were notified at that time. We have notified law enforcement of this latest development."
AT&T has identified the Russian hacking group ShinyHunters as being responsible for this breach and a previous hack that affected 73 million customers in 2019. If that name sounds familiar, the cybercriminals are also behind the recent Ticketmaster breach that compromised data on 560 million people.
Their growing list of high-profile attacks has prompted Senators Richard Blumenthal and Josh Hawley to call on both AT&T and Snowflake to explain their repeated failures to protect customer data.
Advert
Cybersecurity researchers are urging all potentially affected customers to take immediate action, which involves closely monitoring their credit reports and taking steps to protect themselves from identity theft.
"The original breach of sensitive records from AT&T was enough to worry their customers, now it poses a significant risk to their identities," said Thomas Richards, Infrastructure Security Practice Director at Black Duck.