AT&T allegedly paid hackers 370,000 dollars to delete stolen data

Cyber criminals had obtained millions of customer records from the US telephone giant. AT&T paid the attackers to delete the data and received video evidence.


AT&T has apparently paid one of the cyber criminals around 370,000 US dollars to delete the millions of customer records they had previously stolen. The US telecommunications giant received a video showing the deletion of the data as proof. An intermediary who conducted the negotiations with AT&T on behalf of the attackers confirms the deletion, but does not want to rule out the possibility that some customer data could still reappear.

Previously, cyber criminals had obtained the data of almost all AT&T customers following a mega security breach. The US telecommunications company confirmed this at the end of last week and admitted a massive security failure. According to the report, AT&T customer data was illegally downloaded from a third-party cloud platform. The downloaded data consists of phone call and text message records of almost all AT&T mobile customers from May 1, 2022 to October 31, 2022 and January 2, 2023. This metadata could be used to identify other phone numbers. This also includes landline customers.

Now the IT magazine Wired reports, citing an intermediary known only as "Reddington", that the data thieves had originally demanded 1 million dollars from AT&T, but settled for around 370,000 dollars after negotiations. Reddington acted on behalf of the well-known hacker group ShinyHunters and provided AT&T with the payee's details.

In mid-May, 5.72 Bitcoin, worth 372,646 dollars at the time, were transferred to the corresponding crypto wallet. The cryptocurrency was then moved through other crypto exchanges and wallets for money laundering purposes. So far, there is no information about who owns the wallets in question. The middleman was paid extra for his services by AT&T, writes Wired. Reddington also claims to have negotiated with other companies for the ShinyHunters.

This hacker group recently carried out a break-in at Ticketmaster's parent company, Live Nation. To emphasize the ransom demand of 2 million dollars, 170,000 Taylor Swift tickets were "given away" by the cyber criminals. The ShinyHunters had published barcodes for tickets to nine Taylor Swift concerts in the infamous "Breachforum". They also linked instructions on how to create valid tickets from the barcodes.

This data theft also exploited a leak discovered in April at cloud data giant Snowflake. This company had recently been the target of several attacks in which customer data was illegally copied and in some cases already offered for sale on the darknet. The provider enables its corporate customers to analyze huge amounts of information about end users in the cloud. Snowflake has blamed its customers for the security breaches because they did not use multi-factor authentication to secure their accounts.

(fds)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.