This could very well happen, if another AT&T breach occurs – and SOCRadar’s Dark Web Team has come across a new listing on the dark web that advertises what is described as unauthorized access to AT&T‘s internal systems.
The individual (or individuals) behind the post claims to have maintained undetected, long-term access within the company’s Tier 1 infrastructure by deploying a custom load that has remained active for over three weeks. The post further states that this access allegedly provides visibility into more than 24 million active customer accounts, with the ability to fully read, write, and sync data in real time.
A screenshot was shared as proof, and the access is being offered for sale at a price of $100,000, with payment only accepted in crypto.
The “currency” is not surprising, given that dark web marketplaces first gained traction with Silk Road in 2011, which accepted Bitcoin as payment and coincided with a major surge in the currency’s value. Over time, Monero emerged as a secondary option, favored for its advanced privacy features like ring signatures that obscure transactions. These qualities have made cryptocurrencies a cornerstone of cybercrime for more than a decade.
AT&T definitely has experience with data breaches
In 2023, AT&T faced major data breaches that exposed information from tens of millions of customers, leading to a class-action lawsuit. The company agreed to settle for $177 million, a deal recently approved by US District Judge Ada Brown in Dallas, who described the outcome as fair and reasonable.
The breaches, disclosed in May and July, allowed access to call logs, texts, and personal details of current and former customers. Victims able to show financial losses tied directly to the incidents may receive up to $5,000, while others whose data was accessed will receive smaller payments. AT&T has denied responsibility, saying it agreed to settle only to avoid lengthy litigation. Payouts are expected in early 2026 once final approval is granted.
While we deny the allegations in these lawsuits that we were responsible for these criminal acts, we have agreed to this settlement to avoid the expense and uncertainty of protracted litigation.
– AT&T to Nexstar via email, 2025
One of the breaches involved call and text data stored on the Snowflake cloud platform, while another surfaced in March 2024, tied to data released on the dark web affecting 7.6 million current and 65.4 million former customers. The FCC is also investigating why an expired AT&T cloud vendor retained and later exposed data from 8.9 million customers dating back to 2015–2017, information that should have been deleted years earlier. For that incident, AT&T agreed to pay a $13 million FCC fine.
“Iconic Phones” is coming this Fall!
Good news everyone! Over the past year we’ve been working on an exciting passion project of ours and we’re thrilled to announce it will be ready to release in just a few short months.
LEARN MORE AND SIGN UP FOR EARLY BIRD DISCOUNTS HERE
#ATT #breached #hacker #selling #access #million #users #data
