AT&T recently fell victim to a hacking campaign in which customer call and text records covering May 1 to October 31, 2022 were stolen. Reports indicate that AT&T paid over $300,000 to a member of the hacking team in exchange for deleting the stolen data, and that AT&T demanded a video as proof of deletion. The hacker initially asked for $1 million but settled for the lower amount.
The hacker involved in deleting the stolen data is believed to be part of the ShinyHunters hacking group. This individual received payment from AT&T in May through a transaction involving 5.7 bitcoins valued at over $373,000 at that time. A security researcher known as Reddington served as a liaison between the hacker and AT&T, confirming that the payment was made.
Reddington was contacted by another hacker in mid-April who claimed to have obtained millions of call and text logs from AT&T through a poorly secured account on Snowflake, the cloud data warehouse service where the records were stored.
According to AT&T's SEC filing, the stolen data consisted of metadata for calls and text messages: it did not contain the content of the communications or the names of the phone owners. Metadata is not harmless, however. Reddington was shown how a reverse lookup on the phone numbers could identify their owners, and how the call and text records then reveal who those people communicate with.
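To make the metadata risk concrete, the following is an added example (not AT&T's data, not the breached schema, and not code from the article or the researchers it names). It uses a handful of constructed call/text records and a constructed reverse-lookup table standing in for a public people-search service, and shows that once a single number is tied to a name, the contact graph exposes that person's circle, and that even an unresolved number can be profiled through the identified numbers it talks to.

```python
"""Added example: linking people from call/text metadata alone.

All data below is constructed for illustration. Each record is
(originating_number, terminating_number, kind, unix_timestamp); the
timestamps are arbitrary values in May 2022. The REVERSE_LOOKUP table
is a stand-in for a people-search or reverse-phone-lookup service.
"""
from collections import defaultdict, deque

RECORDS = [
    ("2025550101", "2025550102", "call", 1651400000),
    ("2025550102", "2025550101", "text", 1651403600),
    ("2025550101", "2025550103", "call", 1651407200),
    ("2025550102", "3125550104", "text", 1651410800),
    ("2025550102", "3125550104", "call", 1651414400),
    ("2025550103", "3125550104", "call", 1651418000),
]

# Constructed: only two of the four numbers resolve to a name.
REVERSE_LOOKUP = {
    "2025550101": "Alice Example",
    "2025550103": "Carol Example",
}


def build_contact_graph(records):
    """Undirected weighted graph: graph[a][b] = number of interactions."""
    graph = defaultdict(lambda: defaultdict(int))
    for src, dst, _kind, _ts in records:
        graph[src][dst] += 1
        graph[dst][src] += 1
    return graph


def resolve(number, lookup):
    """Map a number to an owner name, or 'unknown' if the lookup has none."""
    return lookup.get(number, "unknown")


def connections_of(number, records, lookup):
    """Direct contacts of `number`, most frequent first: (peer, owner, count)."""
    graph = build_contact_graph(records)
    peers = sorted(graph[number].items(), key=lambda kv: (-kv[1], kv[0]))
    return [(peer, resolve(peer, lookup), count) for peer, count in peers]


def identified_circle(number, records, lookup, depth=1):
    """Named people within `depth` hops of `number` in the contact graph.

    This is the point of the metadata risk: a number that itself never
    resolves to a name is still profiled by the named numbers around it.
    Returns {peer_number: owner_name} for every resolvable peer reached.
    """
    graph = build_contact_graph(records)
    seen = {number}
    frontier = deque([number])
    names = {}
    for _ in range(depth):
        next_frontier = deque()
        while frontier:
            current = frontier.popleft()
            for peer in graph[current]:
                if peer in seen:
                    continue
                seen.add(peer)
                next_frontier.append(peer)
                if peer in lookup:
                    names[peer] = lookup[peer]
        frontier = next_frontier
    return names


if __name__ == "__main__":
    print("Alice's contacts:", connections_of("2025550101", RECORDS, REVERSE_LOOKUP))
    # 2025550102 never resolves, but its circle does.
    print("Circle of unknown number, 1 hop:",
          identified_circle("2025550102", RECORDS, REVERSE_LOOKUP, depth=1))
    print("Circle of unknown number, 2 hops:",
          identified_circle("2025550102", RECORDS, REVERSE_LOOKUP, depth=2))
```

The lookup table is deliberately sparse: the second function shows that the number the attacker cannot name is still exposed by the named people one and two hops away, which is why the absence of names in the stolen records offers little protection.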
AT&T's SEC filing indicated that the records cover the phone numbers of nearly all of its cellular customers, as well as the numbers of customers on other wireless providers who communicated with AT&T customers during the affected period. The stolen data covers calls and messages made between May 1, 2022 and October 31, 2022, plus records from January 2, 2023.
Despite the paid deletion, there are concerns that other parties may still hold samples of the stolen data that were shared before it was erased. Both AT&T customers and anyone who communicated with them during the affected period should remain alert to the risks that follow from this breach.