US telecom giant AT&T recently revealed that hackers managed to steal call records for tens of millions of its customers. However, in a surprising turn of events, AT&T paid one of the hackers more than $300,000 to delete the stolen data and provide evidence of its deletion.
The hacker, who is associated with the ShinyHunters hacking group, disclosed to WIRED that AT&T made the ransom payment in May. The payment was confirmed through a blockchain tracking tool, showing a transaction of 5.7 bitcoin worth approximately $373,646 at the time.
AT&T’s discovery of the breach was indirect: another individual, known as Reddington, alerted security firm Mandiant after being told about the stolen data by an American hacker, John Erin Binns. Binns allegedly pulled AT&T’s call and text logs from the company’s account on Snowflake, a cloud data platform; the Snowflake customer accounts hit in this campaign were reached with stolen login credentials and were not protected by multi-factor authentication.
Reddington’s involvement led to AT&T becoming aware of the breach, which occurred as part of a larger hacking spree targeting over 150 companies with vulnerable Snowflake accounts. The stolen data included call and text metadata, but not the content of the communications or the identities of the phone owners.
Despite the payment and the hacker’s claimed deletion of the stolen data, concerns remain: deletion of copied data cannot be independently verified, and call and text metadata alone (which numbers contacted which, when, and how often) exposes AT&T customers and everyone who communicated with them. Binns, the suspected perpetrator of the breach, was arrested in Turkey in May in connection with an unrelated 2021 data theft involving T-Mobile.
Binns’ arrest complicated the situation, leaving AT&T to negotiate, with Reddington acting as intermediary, with the ShinyHunters-linked hacker who ultimately received the ransom payment. The ongoing saga raises questions about the security of sensitive data that major corporations entrust to third-party cloud providers, and about the challenges they face in protecting customer information from cyber threats.
In response to the breach, AT&T says it has strengthened its security measures to prevent similar incidents in the future. The incident is a stark reminder of the persistent threat posed by hackers and of the need for robust cybersecurity controls, including multi-factor authentication on third-party accounts that hold sensitive data.