VX-Underground noticed data purportedly from AT&T being offered on a popular hacking forum:
Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached. No information is available to indicate whether it is a 3rd party compromise, or which ‘division’ this data is from. Regardless, upon review we can confirm the stolen data is legitimate.
While the data may appear to belong to AT&T customers, the source of the data has never been clearly established. In August 2021, when the data originally appeared on the forum as a sales listing by “ShinyHunters,” AT&T claimed that their investigation found that the data did not appear to come from their system. The listing today, which offers the data for 8 tokens, also appears to involve more than one database or source. The listing instructs users to “Grep/replace encrypted values in MASTER with the correct SSN and DOB from other files,” and a forum user comments, “There are two different files, in one txt, in the other several files of a different format.”