{
	"id": "e9c2489a-6090-4084-89c8-fae778f1f597",
	"created_at": "2026-04-06T00:12:56.654639Z",
	"updated_at": "2026-04-10T03:34:59.514361Z",
	"deleted_at": null,
	"sha1_hash": "274e4872fa4afddd7e010d969f74e4e229d5f51f",
	"title": "AT\u0026T denies data breach after hacker auctions 70 million user database",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2937306,
	"plain_text": "AT\u0026T denies data breach after hacker auctions 70 million user database\r\nBy Lawrence Abrams\r\nPublished: 2021-08-20 · Archived: 2026-04-05 15:13:20 UTC\r\nAT\u0026T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing\r\nthe personal information of 70 million customers. \r\nThe threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of\r\n$200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.\r\nThreat actor selling AT\u0026T database on a hacking forum\r\nFrom the samples shared by the threat actor, the database contains customers' names, addresses, phone numbers, Social\r\nSecurity numbers, and date of birth.\r\nhttps://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nA security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples\r\nwere confirmed to have accounts on att.com.\r\nOther than these few details, not much is known about the database, how it was acquired, and whether it is authentic.\r\nHowever, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer\r\nrepositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly\r\nto other threat actors or utilize a middle-man data breach seller.\r\nIn many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.\r\nIn the past, ShinyHunters has breached numerous companies, including Wattpad, Tokopedia, Microsoft's GitHub\r\naccount, BigBasket, Nitro PDF, Pixlr, TeeSpring, Promo.com, Mathway, and many more.\r\nAT\u0026T denies suffering a breach\r\nAfter learning of the threat actor's claims, BleepingComputer reached out to AT\u0026T to see if the data belonged to them.\r\nIn multiple emails, AT\u0026T has told BleepingComputer that the data is not from their systems and has not recently been\r\nbreached.\r\n\"Based on our investigation today, the information that appeared in an internet chat room does not appear\r\nto have come from our systems.\" - AT\u0026T.\r\nWhen asked whether the data may have come from a third-party partner, AT\u0026T chose not to speculate.\r\n\"Given this information did not come from us, we can't speculate on where it came from or whether it is valid,\" AT\u0026T told\r\nus in a follow-up email.\r\nShinyHunters has told BleepingComputer that they are not surprised that AT\u0026T denies the breach and continues to state that\r\nit comes from them.\r\n\"I don't care if they don't admit. I'm just selling,\" ShinyHunters told BleepingComputer.\r\nWhile ShinyHunters states that they did not contact AT\u0026T, they said they are willing to \"negotiate\" with the company.\r\nWhen we asked the threat actor for further information about the breach, ShinyHunters refused to provide any other details.\r\nThis news comes soon after a different threat actor tried to sell the stolen data of 100 million T-Mobile customers.\r\nT-Mobile latest confirmed they were hacked, and the cyberattack exposed the personal data of 48 million T-Mobile\r\ncustomers.\r\nhttps://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/\r\nhttps://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/"
	],
	"report_names": [
		"atandt-denies-data-breach-after-hacker-auctions-70-million-user-database"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9041c438-4bc0-4863-b89c-a32bba33903c",
			"created_at": "2023-01-06T13:46:38.232751Z",
			"updated_at": "2026-04-10T02:00:02.888195Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove"
			],
			"source_name": "MISPGALAXY:Nitro",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b44a04-a080-4465-973d-976ce53777de",
			"created_at": "2022-10-25T16:07:23.911791Z",
			"updated_at": "2026-04-10T02:00:04.786538Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove",
				"Nitro"
			],
			"source_name": "ETDA:Nitro",
			"tools": [
				"AngryRebel",
				"Backdoor.Apocalipto",
				"Chymine",
				"Darkmoon",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Moudour",
				"Mydoor",
				"PCClient",
				"PCRat",
				"Poison Ivy",
				"SPIVY",
				"Spindest",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434376,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/274e4872fa4afddd7e010d969f74e4e229d5f51f.pdf",
		"text": "https://archive.orkl.eu/274e4872fa4afddd7e010d969f74e4e229d5f51f.txt",
		"img": "https://archive.orkl.eu/274e4872fa4afddd7e010d969f74e4e229d5f51f.jpg"
	}
}