AT&T, one of the largest mobile carriers in the US, suffered a data breach earlier this year. A group of hackers managed to access the sensitive data of many company clients. Now, a new report claims that AT&T paid the hackers to delete the stolen data.
According to Wired, AT&T paid around $370,000 to hackers from the ShinyHunters group to delete the compromised data. The report indicates that, after payment, the group sent a video showing that it actually deleted the data. Initially, ShinyHunters asked for up to 1 million dollars, but after a stage of negotiations, both parties settled on a lower figure.
ShinyHunters reportedly got $370,000 from AT&T to delete compromised customer data
The negotiation between AT&T and ShinyHunters would have been carried out through an intermediary known as Reddington. The report indicates that the same intermediary has already worked for ShinyHunters in negotiations with other affected companies. The script used for the breach had the potential to compromise the data of more than 160 brands. It is known that big names such as Ticketmaster and Santander Bank are on the list.
Going back to AT&T, the stolen data included up to 6 months of user text and call records. The affected records were those made between May and October 2022. The company had already admitted this year that it suffered a previous hack in 2021, impacting user data from 2019. When news of the latest hack became known, AT&T attempted to calm the waters by claiming that data such as names, Social Security numbers, or dates of birth had not been compromised. However, the info obtained by hackers could be used to track the identities of those affected using online tools.
Reddington claimed that the ShinyHunters group deleted the only existing complete copy of the data. However, the negotiator also warned that there may be excerpts remaining. AT&T would have paid the “fee” in Bitcoin on May 17.
Other big companies were affected
It’s noteworthy that the data breach did not directly attack AT&T. Instead, it attacked Snowflake, a third-party cloud storage company trusted by other large companies. The ShinyHunters group managed to obtain the login credentials of a Snowflake employee. From there, they managed to access private data from third parties.
2024-07-16 15:07:44