ShinyHunters Selling Alleged AT&T Database with 70 million SSN and Date of birth; AT&T Denies it originated from their systems

It was not a long ago when we encountered a massive data breach at T-mobile, which affected millions of users’ SSN, mobile numbers, driving licenses, etc. This time it seems to be different, and perhaps, more concerning.

The notorious cybercriminal group, ShinyHunters, claims to have gained access to the AT&T database, affecting over 70 Million users’ SSNs and Dates of Birth.

Figure 1: ShinyHunters Post for Selling AT&T database on RaidForums

The actor has put the database for an auction, as shown in the image below.

Figure 2: ShinyHunters group are willing to sell this for $1 Million as a flash sale

ShinyHunters Linked Data Breaches

Several high-profile breaches since 2020 are linked to this group directly. Some of them are below (source: Wikipedia):

Figure 3: ShinuHunters Group linked data breaches. Source –
Figure 4: ShinuHunters Group linked data breaches. Source –

It should be noted that the group is being investigated by multiple law enforcement agencies worldwide, including the FBI.

Failed Extortion Attempt?

The research community has seen a change in its tactics in the last few months. The ShinyHuntes group extorts their victims and often shares their RaidForum profile and media press on the credibility of their claims. If a victim refuses to pay the extortion, the group puts them for sale on cybercrime forums.

Figure 5: ShinyHunters Profile on RaidForums Website


The ShinyHunters group is a known and credible threat actor. The claims made by the group can not be discounted, given their history. On this issue, whether they were able to breach AT&T’s infrastructure, found a misconfigured databases on the internet, or compromised the third party with AT&T information, time will tell us.

Update: “Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.” AT&T commented on the issue.

If the claims are genuine, this might be one of the most sensitive data breaches of 2021.

At the time of writing this blog, there are no known reports or disclosure by AT&T on this alleged data breach.

Our Recommendations 

We have listed some essential cybersecurity best practices that create the first line of control against attackers. We recommend that our readers follow the suggestions given below: 

  • Use strong passwords and enforce multi-factor authentication wherever possible. 
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic.  
  • Use a reputed anti-virus and internet security software package on your connected devices.     
  • Refrain from opening untrusted links and email attachments without verifying their authenticity. 
  • Conduct regular backup practices and keep those backups offline or in a separate network. 

About Us 

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit  

Comments are closed.

Scroll to Top