{
	"id": "4682cc1d-46a9-42ad-9cfa-1ff07a2ee772",
	"created_at": "2026-04-06T00:16:07.555854Z",
	"updated_at": "2026-04-10T03:34:59.542043Z",
	"deleted_at": null,
	"sha1_hash": "341da661c35272b05b6af52ef6fc2ed19babea63",
	"title": "AT\u0026T confirms data for 73 million customers leaked on hacker forum",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1009782,
	"plain_text": "AT\u0026T confirms data for 73 million customers leaked on hacker forum\r\nBy Lawrence Abrams\r\nPublished: 2024-03-30 · Archived: 2026-04-02 12:18:31 UTC\r\nAT\u0026T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially\r\ndenying the leaked data originated from them.\r\nThis comes after AT\u0026T has repeatedly denied for the past two weeks that a massive trove of leaked customer data originated\r\nfrom them and or that their systems had been breached.\r\nWhile the company continues to say there is no indication their systems were breached, it has now confirmed that the leaked\r\ndata belongs to 73 million current and former customers.\r\n\"Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million\r\ncurrent AT\u0026T account holders and approximately 65.4 million former account holders,\" AT\u0026T said in a statement shared\r\nwith BleepingComputer.\r\nThe company further says that the security passcodes used to secure accounts were also leaked for 7.6 million customers. \r\nIn 2021, a threat actor known as Shiny Hunters claimed to be selling the stolen data of 73 million AT\u0026T customers. 
This\r\ndata includes names, addresses, phone numbers, and, for many customers, social security numbers and birth dates.\r\nAt the time, AT\u0026T denied that they suffered a breach or that the data originated from them.\r\nFast forward to 2024, and another threat actor leaked the massive dataset on a hacking forum, stating it was the same data\r\nstolen by Shiny Hunters.\r\nBleepingComputer analyzed the data and determined that it contained the same sensitive information that ShinyHunters\r\nclaimed was stolen. However, not every customer had their social security number or birth date exposed by the incident.\r\nPost on hacking forum leaking alleged AT\u0026T data from 2021 breach\r\nSource: BleepingComputer\r\nAT\u0026T once again denied that they suffered a breach or that the data originated from them.\r\nHowever, BleepingComputer has spoken to over 50 AT\u0026T and DirectTV customers since the data was leaked, and they told\r\nus that the leaked data contains information that was only used for their AT\u0026T accounts.\r\nThese customers stated that they used the disposable email feature of Gmail and Yahoo to create DirectTV or AT\u0026T-specific\r\nemail addresses that were only used when they signed up for their service.\r\nThese email addresses were confirmed not to be used on any other platform, indicating that the data had to have originated\r\nfrom DirectTV or AT\u0026T.\r\nTroy Hunt also confirmed similar information from customers after the data was added to the Have I Been Pwned data\r\nbreach notification service.\r\nHowever, after contacting AT\u0026T numerous times with this information, the company has not responded to further emails\r\nuntil today.\r\nDirectTV ultimately told BleepingComputer that we would need to contact AT\u0026T with further questions as the data predates\r\ntheir spinoff, and they no longer have access to AT\u0026T systems to 
confirm.\r\nToday, AT\u0026T told BleepingComputer that they would only share further information about the breach in their published\r\nstatement and a new page on keeping AT\u0026T accounts secure.\r\nThe page on keeping accounts secure further discloses that the passcodes for 7.6 million AT\u0026T customers were\r\ncompromised as part of the breach and have been reset by the company.\r\nCustomers use passcodes to further secure their AT\u0026T accounts by requiring them to receive customer support, manage\r\naccounts at retail stores, or sign into their online accounts.\r\n\"It has come to our attention that a number of AT\u0026T passcodes have been compromised,\" reads the new AT\u0026T advisory.\r\n\"We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating\r\nwith current and former account holders with compromised sensitive personal information.\"\r\nTechCrunch first reported on the compromised passcodes after being contacted by a researcher who said the leaked data\r\ncontained encrypted passcodes for millions of users.\r\nAT\u0026T further says that the data appears to be from 2019 and earlier and does not contain personal financial information or\r\ncall history.\r\nThe company will notify all 73 million former and current customers about the breach and the next steps they should take.\r\nAT\u0026T customers can also use Have I Been Pwned to determine if their data was compromised in this breach.\r\nSource: https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/"
	],
	"report_names": [
		"atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434567,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/341da661c35272b05b6af52ef6fc2ed19babea63.pdf",
		"text": "https://archive.orkl.eu/341da661c35272b05b6af52ef6fc2ed19babea63.txt",
		"img": "https://archive.orkl.eu/341da661c35272b05b6af52ef6fc2ed19babea63.jpg"
	}
}