AT&T paid $370K to hacker to delete stolen data, report says | Tech Reader

Following AT&T’s admission on Friday that a security breach had impacted tens of millions of its customers, a new report claims that the carrier paid around $370,000 to the hacker to delete all of the stolen data.

The payment was made in cryptocurrency in May, and as part of the deal the hacker had to provide a video that proved the data had been deleted, Wired reported on Sunday.

The news site carried out its own investigations into the payment, and concluded that the transaction did indeed take place.

The telecom giant reportedly negotiated with the hacker through a security researcher calling himself Reddington. The researcher was apparently enlisted by the hacker to help, and AT&T paid him a fee for acting as the intermediary. Wired said the hacker had originally demanded $1 million to delete the data, but ended up accepting around a third of that.

Reddington shared the deletion video with the news site, adding that he was satisfied that it showed the entirety of the stolen dataset being wiped.

The perpetrator is believed to be part of the ShinyHunters hacking group that’s also believed to have been involved in stealing data from unsecured storage accounts operated by U.S. cloud computing company Snowflake.

AT&T has yet to make any public comment about the apparent payment. Tech Reader has reached out to the company for comment and we will update this article when we hear back.

AT&T revealed on Friday that the stolen data included phone call and text message records — but not the actual content — of “nearly all of AT&T cellular customers” from May 1, 2022 to October 31, 2022, as well as on January 2, 2023. The records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers, the company said.

It said it didn’t believe the data was publicly available (this now makes more sense in light of Wired’s report), but added that it would nevertheless notify current and former customers if their information was involved.

It also confirmed that the downloaded data didn’t include details such as Social Security numbers, dates of birth, or other personally identifiable information.

The hack is the second this year to impact AT&T. In March, a breach affected 7.6 million current customers and 65.4 million former ones. Personal information such as names and Social Security numbers was stolen the attack.