Personal data from 73 million AT&T customers has leaked onto the dark web, reports CNN — both current and former customers. AT&T has launched an investigation into the source of the data leak... In a news release Saturday morning, the telecommunications giant said the data was "released on the dark web approximately two weeks ago," and contains information such as account holders' Social Security numbers. ["The information varied by customer and account," AT&T said in a statement, " but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."] "It is not yet known whether the data ... originated from AT&T or one of its vendors," the company added. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set." The data seems to have been from 2019 or earlier. The leak does not appear to contain financial information or specifics about call history, according to AT&T. The company said the leak shows approximately 7.6 million current account holders and 65.4 million former account holders were affected. CNN says the first reports of the leak came two weeks ago from a social media account claiming "the largest collection of malware source code, samples, and papers. Reached for a comment by CNN, AT&T had said at the time that "We have no indications of a compromise of our systems." AT&T's web site now includes a special page with an FAQ — and the tagline that announces "We take cybersecurity very seriously..." "It has come to our attention that a number of AT&T passcodes have been compromised..." The page points out that AT&T has already reset the passcodes of "all 7.6 million impacted customers." It's only further down in the FAQ that they acknowledge that the breach "appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders." Our internal teams are working with external cybersecurity experts to analyze the situation... We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com... We will reach out by mail or email to individuals with compromised sensitive personal information and offering complimentary identity theft and credit monitoring services... If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response.

Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million. AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached. "Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems," AT&T told BleepingComputer in 2021. When we told ShinyHunters that AT&T said the data did not originate from them, they replied, "I don't care if they don't admit. I'm just selling." AT&T continues to tell BleepingComputer today that they still see no evidence of a breach in their systems and still believe that this data did not originate from them. Today, another threat actor known as MajorNelson leaked data from this alleged 2021 data breach for free on a hacking forum, claiming it was the data ShinyHunters attempted to sell in 2021. This data includes names, addresses, mobile phone numbers, encrypted date of birth, encrypted social security numbers, and other internal information. However, the threat actors have decrypted the birth dates and social security numbers and added them to another file in the leak, making those also accessible. BleepingComputer has reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers. Furthermore, other cybersecurity researchers, such as Dark Web Informer, who first told BleepingComputer about the leaked data, and VX-Underground have also confirmed some of the data to be accurate. Despite AT&T's statement, BleepingComputer says if you were an AT&T customer before and through 2021, it's "[safe] to assume that your data was exposed and can be used in targeted attacks." Have I Been Pwned's Troy Hunt writes: "I have proven, with sufficient confidence, that the data is real and the impact is significant."

Read more of this story at Slashdot.