AT&T paid $370K to one of the hackers who stole customer data

Just the other day we told you that AT&T had been the victim of a hacking campaign that stole customer records from the carrier from May 1 to October 30, 2022. A published report reveals that AT&T paid a member of the team that hacked into its records more than $300,000 to delete the data. As proof that the hacker erased the stolen data, AT&T requested that it be sent a video for proof of deletion. Originally, the hacker demanded $1 million to delete the data but settled for more than a third of that amount.

The hacker who got paid by AT&T to delete the data that he had helped steal, is believed to be a member of the ShinyHunters hacking team. He told WIRED that AT&T paid what was characterized as ransom in May through a payment of 5.7 bitcoins which was valued at over $373,000 at the time of the transaction. A security researcher, who acted as a liaison between the hacker and AT&T, confirmed that the payment was made and he was paid by AT&T for handling that task.

The aforementioned security researcher, known by his online name Reddington, had been contacted in mid-April by another hacker (not the one who was paid by AT&T) who told him that he had millions of call and texting logs from AT&T which were obtained through a poorly secured cloud storage account hosted by Snowflake.

The data stolen from AT&T included metadata for calls and text messages; this information did not include the content of calls and messages and the names of the phone owners according to AT&T's SEC filing. However, Reddington was shown by the hacker he was talking to how he could use a reverse look-up that could identify the owners of the stolen numbers as well as family members, colleagues, and others connected to the phone numbers.

AT&T's SEC filing also indicated that the stolen data included phone numbers of "nearly all" of the carrier's cellular customers, and the phone numbers of those using other wireless providers who exchanged calls and messages with AT&T customers during certain dates. The time period of the hacked data includes calls and messages made between May 1, 2022, and October 31, 2022, and January 2, 2023. Phone numbers of calls made to AT&T customers using a landline were included along with the date of the communication and the duration of each call.

Even with the deletion of the data, there is some fear that some AT&T customers and the people who communicated with them are still at risk since some might have samples of the data that were not deleted. AT&T, however, tells me that they do not believe the data is publicly available.