AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company.
  • Admiral Patrick@dubvee.orgEnglish
    5·
    8 months ago

    BleepingComputer asked AT&T if it was possible the data came from a third-party service provider or vendor but has not received a response at this time.

    That was my thought: AT&T didn’t get breached and leak the customer data of 71 million themselves. They merely sold that data to a third party who got breached and leaked the customer data of 71 million people.

    • swayevenly@lemm.eeEnglish
      3·
      8 months ago

      So this was pretty old and customers got notified by AT&T that it was a 3rd party vendor they were selling data to.

      • coffeeClean@infosec.pubEnglish
        1·
        8 months ago

        Okay, so it’s either:

        • incompetence (getting breached); or
        • malice (selling your data)

        They might have been better off claiming incompetence. OTOH, we already know AT&T is malicious from project Fairview, so perhaps in the end it’s better for PR to just stay in the malicious lane and not be regarded as both malicious and incompetent.