AT&T Compensates Hacker $370,000 to Secure Sensitive Customer Data

In a significant cybersecurity incident, AT&T paid over $350,000 to a hacker for deleting stolen phone records, an event that underscores the ongoing challenges in data security.

AT&T’s Response to Data Theft

Last Friday, AT&T disclosed that hackers had accessed tens of millions of its customers’ call records. The telecom giant negotiated with a member of the ShinyHunters, a group notorious for data breaches through insecure Snowflake cloud storage accounts.

The hacker confirmed the receipt of 5.72 bitcoins, approximately $373,646, as payment for deleting the data, which was corroborated by blockchain tracking tools and experts from TRM Labs.

Chris Janczewski of TRM Labs noted that although the money was laundered through various exchanges, the owner of the wallets remains unidentified.

The Role of Reddington in Negotiations

Reddington, a security researcher acting as an intermediary, confirmed that the hacker was initially paid a substantial fee by AT&T. He revealed that AT&T, acting through his guidance, decided to negotiate down from an initial demand of $1 million to about a third of that sum.

Reddington facilitated the negotiations, driven by the gravity of the data’s importance and the potential risk of it being sold. He told WIRED, “Given the critical nature of the data and the potential damages, I felt compelled to ensure it was not sold elsewhere.”

Implications and Ongoing Risks

Despite assurances of the data’s deletion, concerns linger that some data may still be compromised. Reddington, who helped uncover the breach initially through his contact with an American hacker in Turkey, believes all data was removed from the shared cloud server.

However, the possibility that smaller data samples were not deleted could still pose a risk to AT&T customers and their contacts.

The revelation of this breach, delayed by exemptions granted by the Department of Justice, highlights the intricate challenges companies face in protecting customer data against increasingly sophisticated cyber threats.

This incident not only illustrates the vulnerabilities in cloud storage security but also raises questions about the efficacy of paying hackers as a strategy to safeguard sensitive information.