AT&T apparently paid a hacker big bucks to delete stolen phone record data

More than $300,000 allegedly paid to AT&T hackers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A poorly protected Snowflake account has reprotedly cost AT&T more than $300,000 followingthe recent cyberattackagainst the telecom giant.

A few months ago, it was reported that a threat actor managed to compromise more than 150 company accounts on Snowflake, thanks to their poor password hygiene, and not securing their accounts with multi-factor authentication (MFA).

Among them was AT&T, after a hacker who was reportedly part of the ShinyHunters threat actor group, accessed the company’s Snowflake account, and stole sensitive customer data.

Bitcoin ransom

The data included call and text messaging metadata (but not the contents of the communications), telephone numbers of “nearly all” AT&T’s cellular customers, numbers of customers of other wireless carriers who communicated with AT&T customers in mid-2022, and landline phone numbers of people communicating with AT&T customers during the same timeframe.

Apparently, hackers could use the data to identify the owners of individual phone numbers.

At the same time, a different hacker also accessed the same database - John Erin Binns - who later reached out to a security researcher with the alias Reddington, to help facilitate a buyback of the data. These two individuals were apparently asking for $1 million in cryptocurrency, in exchange for permanently deleting the data. AT&T took it down to roughly $300,000, but before the transaction could be made, Binns was arrested in Turkey, for an entirely different cybercrime, allegedly committed in 2021.

In the end, Reddington facilitated the transaction to the ShinyHunters hacker, in the amount of 5.72 bitcoin (around $359,000 at press time). Multiple researchers confirmed that the transaction had taken place, and that the hackers provided video proof that the entire database was wiped.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaWired

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case