Wired: AT&T paid hacker 370,000 dollars to erase stolen data
AT&T supposedly paid the hacker who’s responsible for the recent data theft over 370,000 dollars to delete the data. Furthermore, the American telecommunications company demanded a video as proof of the deletion.
According to Wired, the transaction took place on May 17 and amounted to 5.72 bitcoin, the equivalent of 373,646 dollars at the time of writing.
The money was then laundered through several cryptocurrency exchanges and wallets. Who controls these wallets remains a mystery. Multiple sources independently confirmed the payment actually took place.
The ransom wasn’t paid directly to the threat actor, but rather via a middleman with the online moniker Reddington. He received a fee for his services from AT&T. The attacker initially demanded 1 million dollars in ransom. Through negotiations, both parties settled on a third of that amount.
Earlier this month AT&T made headlines when a hacking group called ShinyHunters claimed to have stolen call and texting logs of millions of AT&T customers. The telecom provider first learned of the data breach in April and reported this in a filing to the Securities and Exchange Commission (SEC).
“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” the company told the SEC, whose job it is to prevent market manipulation. Instead, it included “records of calls and texts of nearly all of AT&T’s wireless customers and customers of mobile virtual network operators (“MVNO”) using AT&T’s wireless network”.
AT&T is one of the 165 organizations whose data was stolen via a third party called Snowflake, a Boston-based cloud service provider. Because of an employee's stolen login credentials and a lack of multi-factor authentication (MFA), ShinyHunters was able to exfiltrate usernames, passwords and session tokens of numerous Snowflake customers, and thereby access their accounts and data.
Ticketmaster, Neiman Marcus, Santander and Advance Auto Parts are other well-known victims of the cybersecurity incident at Snowflake.