Hackers cash in, AT&T’s $370K payout for stolen data deletion

Hackers cash in, AT&T’s $370K payout for stolen data deletion is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

• AT&T paid over $370,000 to a hacker to delete stolen call records of millions of customers.
• The hacker, part of the ShinyHunters group, provided proof of deletion via video.

OUR TAKE
AT&T’s decision to pay a ransom to a hacker underscores the severity and complexity of cybersecurity threats faced by major corporations. This incident highlights the urgent need for stronger security measures and protocols to protect sensitive data from breaches.
— Zoey Zhu, BTW reporter

What happened

AT&T recently disclosed that hackers stole call records of tens of millions of customers. To mitigate the damage, AT&T paid over $300,000 to a member of the ShinyHunters hacking group to delete the data. The hacker, who initially demanded $1 million but settled for a third of that amount, provided proof of deletion through a video.

WIRED confirmed the payment of 5.7 bitcoin ($373,646) on May 17 using blockchain tracking tools, and TRM Labs verified that the funds were laundered through multiple exchanges. Security researcher Reddington, who mediated the negotiation, alerted AT&T to the breach three months ago after verifying the stolen data.

AT&T acknowledged the breach in a regulatory filing, linking it to a larger hacking spree targeting Snowflake cloud storage accounts. Over 150 companies, including Ticketmaster, Santander, LendingTree, and Advance Auto Parts, were affected.

Also read: AT&T paid $370,000 to delete stolen customer data

Also read: North Korean hackers funnel $150,000 of stolen crypto to Asian firm

Why it’s important

This incident underscores the significant risks and financial costs associated with data breaches. AT&T’s decision to pay a ransom highlights the severe threat posed by sophisticated hacking groups like ShinyHunters. The breach, along with similar incidents affecting major companies, emphasises the critical need for improved security measures, such as multi-factor authentication, to protect sensitive information.

The widespread hacking spree targeting inadequately secured cloud storage accounts reveals vulnerabilities in how companies manage and safeguard their data. As businesses increasingly adopt cloud-based solutions, implementing robust security protocols is crucial to prevent future breaches. The AT&T incident serves as a stark reminder of ongoing cybersecurity challenges and the importance of proactive measures to defend against data theft.