AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records


US telecom giant AT&T, which disclosed Friday that hackers had stolen the phone records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the information and provide a video demonstrating proof of deletion.

The hacker, who is part of the notorious ShinyHunters hacking group that has stolen information from a number of victims through unsecured Snowflake cloud storage accounts, tells WIRED that AT&T paid the ransom in May. He provided the address for the cryptocurrency wallet that sent the currency to him, as well as the address that received it. WIRED confirmed, through an online blockchain tracking tool, that a payment transaction occurred on May 17 in the amount of 5.7 bitcoin. Chris Janczewski, head of global investigations for crypto-tracing firm TRM Labs, also confirmed through their own tracking tool that a transaction occurred in the amount of about 5.72 bitcoin (the equivalent of $373,646 at the time of the transaction), and that the money was then laundered through several cryptocurrency exchanges and wallets, but said there was no indication of who controlled the wallets.

A security researcher who asked to be identified only by his online handle, Reddington, also confirmed that a payment occurred. The hacker enlisted him to serve as the go-between for their negotiations with AT&T, and Reddington received a fee from AT&T for serving in that capacity. Reddington provided WIRED with proof of the fee payment. The hacker initially demanded $1 million from AT&T but ultimately agreed to a third of that.

WIRED viewed the video that the hacker says he provided to AT&T as proof to the telecom that he had deleted its stolen information from his computer. Reddington says he believes it was the full AT&T dataset that Binns allegedly stole because the hacker and Binns stored the information in a cloud server that they both could access, and he says the hacker deleted it from that server.

AT&T did not respond to WIRED’s request for comment.

It was indirectly through Reddington that AT&T learned about the data theft three months ago.

Reddington tells WIRED that in mid-April, an American hacker living in Turkey and believed to be John Erin Binns—not the hacker who received payment—contacted him to say that he had obtained Reddington's AT&T phone logs. After Reddington verified that the phone logs were real, Binns allegedly told Reddington that he had also obtained phone and texting logs of millions of other AT&T customers through a poorly secured cloud storage account hosted by Snowflake. Reddington notified the security firm Mandiant about the breach, and Mandiant then notified AT&T. In a regulatory filing it made to the Securities and Exchange Commission on Friday, AT&T said that it first learned of the breach in April.

AT&T is one of more than 150 companies that are believed to have had information stolen from poorly secured Snowflake accounts during a hacking spree that unfolded throughout April and May. It's been previously reported that the accounts were not secured with multi-factor authentication, so after the hackers obtained usernames and passwords for the accounts, and in some cases authorization tokens, they were able to access the storage accounts of companies and siphon their data. Ticketmaster, the banking firm Santander, LendingTree, and Advance Auto Parts were all among the victims publicly identified to date.
