AT&T users, beware – your most sensitive personal information may be floating around the darkest corners of the internet.
The massive 2024 data breach involving 86 million AT&T customer records is back in the spotlight after the stolen data resurfaced – twice – on Russian cybercrime forums. What’s alarming isn’t just the leak itself, but that the data, which includes full names, phone numbers, physical and email addresses, dates of birth, and an astonishing 44 million Social Security Numbers, is now in plain text.
Originally, the Social Security Numbers (SSNs) and birthdates were encrypted. That protection has been stripped away, meaning anyone with access can build full customer profiles. The leaked info allows bad actors to impersonate users, apply for loans, or even hijack their phone numbers with SIM swap attacks – a technique where a hacker transfers your number to a new SIM card and gains control of your digital identity.
Imagine your phone suddenly going dead – and moments later, the hacker has changed your email passwords, drained your crypto wallet, and accessed your bank accounts. That’s the level of threat we’re talking about.
The group allegedly responsible, ShinyHunters, previously offered the stolen data in 2024. According to reports from HackRead.com, the leak has now been recycled and reposted, raising suspicions that it’s being bundled again to lure new buyers or cause fresh damage.
AT&T responded with a familiar playbook: downplay and deflect. In a recent statement, the telecom giant acknowledged the reports but insisted it’s “repackaged data” from March 2024. They say affected customers were already informed and law enforcement has been updated.
Still, cybersecurity experts warn that even if you’ve been notified, your exposure may now be worse. The reappearance of this data in unencrypted form adds a new layer of danger. Anyone using their AT&T number for 2FA or sensitive financial communications should act immediately. Reset your passwords, enable two-factor authentication using non-SMS methods, and place fraud alerts with credit bureaus.
And if you thought this was a one-off? Think again. The bigger issue here is systemic: as our digital identities become more centralized and convenient, they also become easier to steal. The internet isn’t just where you live now – it’s where you’re vulnerable.
2 comments