- AT&T paid hackers $300,000 to delete stolen phone record data.
- The incident involved compromised Snowflake accounts and sensitive customer information.
- Legal and cybersecurity concerns arise as AT&T navigates the aftermath of the cyberattack.
In a recent cybersecurity incident, AT&T found itself at the center of a data breach where hackers compromised sensitive customer information.
The telecom giant reportedly paid over $300,000 to hackers to secure and delete stolen phone record data. Here’s a breakdown of what transpired and its implications.
The Data Breach and Compromised Accounts
Several months ago, hackers exploited poorly secured accounts on Snowflake, a cloud-based data platform, affecting more than 150 companies due to inadequate password protection and the absence of multi-factor authentication (MFA).
Among these companies was AT&T, where hackers gained access to extensive call and text metadata of cellular and landline customers from mid-2022.
Negotiations and Payment
Following the breach, hackers demanded a ransom of $1 million in cryptocurrency from AT&T to permanently delete the stolen data.
Negotiations led to a reduced amount of approximately $300,000, which AT&T agreed to pay.
However, before the transaction could be completed, one of the hackers, John Erin Binns, was arrested in Turkey for unrelated cybercrimes allegedly committed in 2021.
Transaction and Confirmation
Despite the arrest, a security researcher, known as Reddington, facilitated the transaction between AT&T and the hackers.
The payment of 5.72 bitcoin, equivalent to around $359,000 at the time, was made, accompanied by video proof from the hackers confirming the deletion of the entire compromised database.
Legal and Security Ramifications
The incident raises significant legal and security concerns for AT&T and its customers. The compromised data included sensitive information that could potentially identify phone owners, highlighting the risks associated with cyberattacks on telecommunications companies.
AT&T’s response to the breach and its payment to hackers also spark debates about cybersecurity practices and the ethical implications of negotiating with threat actors.
As AT&T grapples with the aftermath of this cyberattack, cybersecurity experts emphasize the importance of robust security measures such as MFA and regular security audits to prevent future breaches.
The incident serves as a cautionary tale for businesses worldwide, underscoring the critical need for proactive cybersecurity strategies in safeguarding sensitive customer information.