The same hacker who breached T-Mobile’s network late last week is now selling 70 million records of AT&T’s customers.
The group, which goes by the name ShinyHunters, has put up for sale 70 million records on a hacker forum for a starting price of $200,000. According to them, the data has been stolen from AT&T.
ShinyHunters is a group of hackers that have been responsible for many high-profile breaches. According to Hackread, they have targeted companies such as Mashable, 123RF, Minted, and Animal Jam.
The data put up for sale includes the names, social security numbers, email addresses, and dates of birth of AT&T customers.
AT&T denied that the data was stolen from them and claimed that it was either inauthentic or collected from other sources.
“Based on our investigation today, information that appeared in an internet chat room does not appear to have come from our systems,” said the cellphone carrier.
In 2015, the company was fined $25 million for an insider breach. And in May, it was revealed that a threat actor was looking for an insider who could help them perform an attack on AT&T.
The recent incident happened just days after another major mobile service provider, T-Mobile, confirmed a data breach. At the time, the database breach affected over 40 million of its past, current, and prospective users.
After discovering a breach in its systems, T-Mobile immediately closed the access point and alerted law enforcement authorities.
“Our preliminary analysis is that approximately 7.8 million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a press release.
This kind of data is routinely sold on forums and used by threat actors for social engineering and identity theft.