TL;DR
- AT&T paid hackers nearly $374,000 to erase stolen data on almost all of its 109 million wireless customers. The data breach exposed customers’ friends, home addresses, and workplaces, but did not include social security numbers, dates of birth, or call/text content.
- The hackers, affiliated with the notorious ShinyHunters group, initially demanded $1 million but negotiations brought the ransom down to around $374,000.
- A security researcher acted as a mediator between AT&T and the hackers, receiving a fee from AT&T for facilitating the negotiation process. The hackers provided evidence that the stolen data was deleted.
AT&T, a major telecommunications company based in the US, has revealed that the ShinyHunters crypto ransomware group stole data on “almost all” of its 109 million wireless customers. The breach took place through AT&T’s account at the cloud data firm Snowflake.
WIRED reported that AT&T paid hackers 5.7 Bitcoins, which is around $373,646, to erase the stolen data. The payment was made on May 17. Chris Janczewski from TRM Labs, a crypto-tracing company, verified the transaction using their tracking tool.
The money was subsequently laundered through various cryptocurrency exchanges and wallets. However, the wallets’ controllers remain unidentified.
Negotiations and Reduced Ransom
Initially, the hackers demanded a staggering $1 million from AT&T. However, negotiations led to a reduction in the ransom to less than $400,000. The compromised data could potentially reveal an individual’s friends, home locations, and workplaces. AT&T emphasized that the stolen data does not include call or text content, social security numbers, dates of birth, or other personally identifiable information.
Proof of Deletion
WIRED claims to have spoken directly with one of the hackers, who provided evidence of the data’s deletion. Additionally, the publication interviewed a security researcher, known by the online handle “Reddington,” who acted as an intermediary between the hacker and AT&T. Reddington received a fee from AT&T for facilitating the negotiation process.
ShinyHunters: A Notorious Hacking Group
The hacker responsible for the AT&T breach is affiliated with the notorious ShinyHunters group. This group has targeted victims through unsecured Snowflake cloud storage accounts. The incident underscores the importance of robust cybersecurity measures to protect sensitive customer information.
In summary, AT&T’s payment to the hacker highlights the escalating threat of ransomware attacks and the critical need for organizations to safeguard customer data effectively. Remember, vigilance and proactive security practices are essential in today’s digital landscape. Stay informed and protect your data.