July 15, 2024 at 10:06AM
AT&T suffered a data breach resulting in the theft of customer call and text records. The company paid a $370,000 ransom to a hacker, later identified as John Binns, living in Turkey, for deleting the data. While the breach did not expose personal information, it potentially put customers at risk. AT&T is notifying roughly 110 million customers about the incident.
From the meeting notes, it is clear that AT&T recently suffered a significant data breach affecting nearly all of its wireless customers. Hackers exfiltrated records of customer call and text interactions from May 1, 2022, to October 31, 2022, as well as on January 2, 2023. The compromised records identify other phone numbers that impacted customers interacted with, but sensitive personal information such as the content of calls or texts was not impacted.
AT&T has revealed that they paid a hacker roughly $370,000 in bitcoin to prevent the stolen data from being leaked. The hacker, a member of the ShinyHunters group, ultimately deleted the stolen data after receiving the ransom. The AT&T customer data appears to have come from the Snowflake data storage platform, which was compromised through the use of stolen customer credentials.
An American hacker, John Binns, who has been living in Turkey for several years, is linked to the AT&T hack. He was reportedly arrested in Turkey in May 2024 over a separate breach involving T-Mobile. It is also mentioned that Binns and the ShinyHunters hacker stored the full AT&T database on a cloud server from where it was deleted after the company paid a ransom.
I hope this summary effectively captures the key details from the meeting notes. Let me know if you need any further information or clarifications.