AT&T data theft: 73 million accounts compromised

On March 30, 2024, the US telecoms giant AT&T stated that a database uploaded in mid-March 2024 to the dark web did indeed include “data specific to AT&T.” “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” explains the Dallas-based company.

The stolen data includes social security numbers and four-digit passwords associated with 73 million accounts. AT&T had reset millions of passwords, in mid-March 2024, right after the stolen data was published on a dark web forum.

The database also contains email and postal addresses, phone numbers and dates of birth. However, it is not believed to contain any banking details or call logs. The telecoms giant stated it was unaware whether the data “originates from AT&T or one of its vendors.”

Cybersecurity researcher Troy Hunt draws a parallel between this story and a data breach in 2021, which AT&T never recognized. If it turns out the company hid such a leak from its customers, it could, according to him, be exposed to a number of class action suits.