Stay Alert: Hackers Are Selling Repackaged Data Stolen From AT&T

Hackers are peddling the data of millions of AT&T users on a Russian dark web forum.

The data includes full names, dates of birth, phone numbers, email addresses, physical addresses, and 44 million Social Security Numbers (SSNs). It has been available since May 15, according to cybersecurity publication Hackread, which first spotted it.

There’s a huge global market for this type of personal data, with criminals all over the world buying stolen data to attempt everything from credit card fraud to identity theft.

Hackread initially connected the move to AT&T’s mammoth breach announced in July 2024, which impacted “nearly all” of AT&T’s customers. That breach involved scammers accessing Snowflake, a third-party cloud platform used by AT&T, and downloading customer data.

However, AT&T told ZDNet that the new batch of data on the Russian forum is not connected to the Snowflake incident, but rather a separate breach that occurred in March 2024. Back then, the telecom giant notified affected customers, reset users’ passcodes, and offered damage mitigation services like credit monitoring and identity theft protection.

“After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,” a spokesperson told ZDNet this week. “Affected customers were notified at that time. We have notified law enforcement of this latest development.”

The hackers claim their data contains previously unencrypted data, including Social Security numbers. However, AT&T says that information was available in plain text as part of last year’s hack, so the data up for sale now is nothing new.

How to Protect Yourself

Data security experts recommend that people who believe they have been impacted by a data breach take precautions like changing their passwords and reducing their online footprint to minimize the risk of revealing too much information about themselves, as well as introducing things like multi-factor authentication for all online accounts.

As Hackread notes, meanwhile, your SSNs are probably already out there thanks to the National Public Data hack. (Not that that should be reassuring.) Whether your data is included the AT&T breach or not, though, you should always be on the lookout for phishing emails or texts. Hackers often use stolen data to approach you with legitimate-looking messages in a bid to get you to give up access to online accounts. If it seems sketchy, or emails or texts pop up out of the blue, proceed with caution.

About Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read Will’s full bio

Read the latest from Will McCurdy