AT&T paid $400,000 to a hacker to erase vast troves of call and text logs stolen from its customers. This ransom, discovered through blockchain analysis, sparked concerns over national security and privacy breaches, especially given the magnitude of the data involved. The hacker even provided a video claiming to show the data deletion as proof of their compliance with AT&T’s demands. Despite AT&T’s refusal to confirm the payment, experts speculate on the implications of such a low ransom compared to recent cyber extortion cases, raising questions about how secure our private information truly is in the digital age.
A hacker who obtained sensitive call and text logs from AT&T Inc. says they were paid approximately US$400,000 to delete the vast amount of data.
An examination of a Bitcoin wallet address that the hacker supplied reveals a transaction from mid-May that, according to analysts, corresponds with an extortion payment. The payment from AT&T to the hacker was confirmed by a person with knowledge of the ransomware discussions, who wished to remain anonymous to discuss sensitive matters. It wasn’t immediately apparent whether AT&T paid the hackers through a middleman, Bloomberg reports.
Regarding whether AT&T paid a ransom to control the fallout from a hack that would have disclosed a massive cache of call and text logs from almost all of its wireless subscribers over six months in 2022, a representative for the firm declined to comment. Regarding the purported payment, neither the FBI nor the US Department of Justice would comment.
National security dangers arise from the scope and contents of the data, including certain location information. Certain experts have noted that the size of the alleged ransom payment is remarkably low in comparison to other recent high-profile extortion instances. The data analysis software firm Snowflake Inc. is still dealing with reputational damage from a security incident that involved many intrusions, including this hack.
The information, along with a purportedly seven-minute video in which the hacker is seen erasing data, was provided by the hacker in an attempt to prove that they had complied with their agreement with AT&T. Bloomberg was unable to confirm the veracity of the footage. The hacker also said that additional attackers were involved in the incident.
Regarding whether the business had received the footage, an AT&T representative declined to comment. On Friday, AT&T stated that it did not think the call and text logs that were stolen had been released to the public.
Chainalysis Inc. reviewed the hacker’s payment record at Bloomberg’s request and cross-referenced it with data from the blockchain, an openly accessible record of cryptocurrency transactions. According to the company, the payment appears consistent with an extortion scheme, in which an individual put approximately $380,000 worth of Bitcoin into the digital wallet that the hacker had identified.
A smaller amount was subsequently transferred, according to Chainalysis, from that wallet into another that belonged to a well-known hacker whom the company chose not to name.
According to Chainalysis, it was unable to ascertain if AT&T was the original Bitcoin payer.
The transaction took place while AT&T was coordinating with federal law enforcement agents to address the breach and postponed disclosing details to the public due to worries about public safety and national security. According to a regulatory filing, the corporation twice postponed disclosure: on May 9 and again on June 5, with the Justice Department’s agreement.
When compared to ransom threats and payments for other recent high-profile data breaches, the purported amount is quite small. Colonial Pipeline Co., for example, paid a hacking group $4.4 million after a ransomware attack in 2021 forced it to shut down, disrupting US East Coast gas supplies; meanwhile, UnitedHealth Group Inc. paid a cybercrime group $22 million following a February breach of its subsidiary, Change Healthcare.
“For a big company like AT&T, $380,000 is a drop in the ocean,” said Jon DiMaggio, chief security strategist at Analyst1, who responded to questions from Bloomberg but wasn’t involved in responding to the breach of AT&T data. According to him, the reason for the comparatively low ransom payment could be that the hacker was unable to access any financial documents.
The hacker claimed they had no idea who could be interested in buying the material they had taken from AT&T, nor did they think it was valuable.
According to a Snowflake spokesman, the breach of AT&T data was a component of a wider scheme that the business revealed last month, in which hackers gained access to as many as 165 of its clients by using stolen login credentials.