JuSun/Getty Images
Hackers on the dark web are hawking a database of 86 million customer records that they claim were stolen in an AT&T breach last year. The data in question was posted on a Russian cybercrime forum on May 15 and then uploaded again on June 3, apparently garnering attention from other cybercriminals and potential buyers.
Based on an analysis by cybersecurity news platform Hackread, the data contains dates of birth, phone numbers, email addresses, street addresses, and even social security numbers. The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text.
Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
Individually, any one of those pieces of data can be exploited by the wrong people. Collectively, they could easily put affected customers at risk for account takeovers and identity theft.
The records are being linked to the same ones compromised by cybercriminals in a data breach that AT&T announced in July of 2024. Affecting “nearly all AT&T cellular customers,” the company said at the time that the data included phone numbers and certain phone call data stemming from May 1, 2022, to October 31, 2022, and on January 2, 2023.
AT&T blamed the breach on vulnerabilities with its third-party Snowflake cloud platform, which houses the customer records. At that time, the carrier said it didn’t believe the data was publicly available.
Also: 7 password rules security experts live by in 2025 – the last one might surprise you
AT&T paid a hacker associated with the ShinyHunters cybercriminal group $373,000 in Bitcoin to remove the stolen data and provide proof that it was deleted, according to Wired. With law enforcement involved, one suspect was arrested and eventually convicted.
Responding to questions from ZDNET about the latest claim, a spokesperson for AT&T shared the following statement: “It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.”
However, AT&T previously asserted that no names, dates of birth, or social security numbers were compromised in the Snowflake breach, but the records now on the dark web contain all of those pieces of data and more.
Also: I clicked on four sneaky online scams on purpose – to show you how they work
In March 2024, the company revealed that customer data from 2019 and earlier had been leaked on the dark web, affecting 7.6 million existing AT&T subscribers and 65.4 million former account holders. This leak reportedly included full names, dates of birth email addresses, mailing addresses, phone numbers, social security numbers, and AT&T account numbers.
What customers can do
If you are an AT&T customer, what should you do at this point?
“The original breach of sensitive records from AT&T was enough to worry their customers,” Thomas Richards, Infrastructure Security Practice Director at security provider Black Duck, told ZDNET. “Now it poses significant risk to their identities. With both date of birth and SSNs being compromised, malicious actors have all the information they need to conduct fraud and impersonate AT&T customers. If they haven’t already, the affected users should be notified and actively monitor their credit for any signs of fraud.”
Also: Stop paying for antivirus software. Here’s why you don’t need it
Beyond monitoring your credit, you may want to change your AT&T password and set up multi-factor authentication for your account, if you haven’t already done so. You should also consider freezing your credit so that no new accounts can be opened in your name until or unless you unfreeze it.
The problem with social security numbers
Perhaps most troubling, though, is the leak of social security numbers, which have been used for almost 90 years to track the earnings of Americans to determine their retirement and disability benefits. But in this age of cybercrime, these numbers have become vulnerable. By linking an SSN with your name and other data, a criminal can easily take over your account or steal your identity.
Unlike your phone number or email address, you can’t easily change your social security number. The SSA will issue new numbers under certain circumstances, including identity theft. But you have to prove ongoing hardship as a result of the old number being compromised.
Trey Ford, Chief Information Security Officer at crowdsourced cybersecurity firm Bugcrowd offers an interesting take.
“In 2025, the United States is still relying on a static number (Social Security Number) as the universal secret identity code enabling miscreants to abuse our identity,” Ford told ZDNET.
Also: The best password managers: Expert tested
“There are organizations selling monitoring that profit off this problem space,” he added. “What will it take for us to ruin the SSN’s usefulness to bad actors, to de-value the SSN as loot to be stolen for profit – and to adopt a more meaningful, better controlled, more transparent, and FAR more secure option? It is time to consider the SSN a part of public record, just like your name, address, and phone number, and institute a central and federated technical control system for authenticating and authorizing the use of identity records.”
