US multinational telco AT&T has reportedly paid a ransom of nearly $400,000 after it suffered a major ransomware attack that affected almost all of its customers.
On 12 July, AT&T advised its customers that between 14 April and 25 April 2024, threat actors downloaded its customers' data from a third-party platform.
The compromised data includes “records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers”, AT&T said.
The breach reportedly affected almost all of the telco’s customers, of which it had 114.5 million as of March 2024, according to Wikipedia.
Now, AT&T has reportedly forked over $370,000 in ransom to the threat actors behind the attack.
According to a report by WIRED, AT&T negotiated with a member of the ShinyHunters threat group through an intermediary called Reddington.
Originally, ShinyHunters was asking for a $1 million ransom, but it was negotiated down to the $370,000 figure, which was then paid as roughly 5.72 bitcoins on 17 May. Reddington was also paid by AT&T.
Reddington was also indirectly responsible for AT&T discovering the breach in the first place.
Reddington told WIRED that he was contacted by an American hacker based in Turkey who said he had obtained Reddington’s call logs. After Reddington confirmed the legitimacy of those logs, the hacker, believed to be John Erin Binns, who is known for hacking T-Mobile’s database, said he had discovered a database containing the call and text logs of millions of AT&T customers.
The database was discovered through a poorly secured cloud storage account hosted by Snowflake.
Upon discovery, Reddington informed Google’s security firm Mandiant, which then notified AT&T.
Reddington said he believes that after the ransom was paid, the only copy of the stolen data was deleted, as both Binns and the hacker were able to access the cloud storage containing the data.
While Binns is believed to be behind the breach, he was not the threat actor who was paid the ransom.
AT&T is yet to confirm the claims that it paid the ransom.