AT&T customer data exposing 86 million leaked unclear if a new breach or collection from previous
Learn More
Hackers have leaked what they claim is a database containing personal information of over 86 million AT&T customers.
The leaked database was first posted on a well-known Russian cybercrime forum on May 15, 2025, and was re-uploaded on June 3, 2025, before circulating widely among other hackers and illicit forums.
The threat actors behind the leak claim the data originates from the April 2024 Snowflake cloud platform breach attributed to the ShinyHunters hacking group. Significant questions remain about the true origin of this dataset, as analysis reveals inconsistencies with what was reported in the confirmed Snowflake-related AT&T breach.
According to an analysis the leaked dataset contains approximately 88.3 million records, which reduces to 86 million unique entries after removing duplicates. This figure significantly exceeds the hackers' initial claim of 70 million records and raises questions about the data's true source. The breach appears to affect both current and former AT&T customers, with the exposed information including:
- Full names
- Date of birth
- Phone numbers
- Email addresses
- Physical addresses
- Social Security Numbers (SSNs) in plain text
The most alarming aspect of this leak is that the 43,989,219 Social Security Numbers, which were originally encrypted in previous data exposures, have now been fully decrypted and are circulating in plain text format.
The source of this specific leak remains unclear. The threat actors claim it stems from the April 2024 cyberattack when hackers exploited major security vulnerabilities in the Snowflake cloud data platform. The original Snowflake-related breach reportedly lasted from May 2022 to October 2022 and included some records from January 2023, exposing phone numbers, interaction counts, and call durations of nearly 110 million customers.
There are significant discrepancies between this new leak and the confirmed Snowflake breach: The datasets contain different types of information, with the Snowflake breach focusing on call and text metadata, not personal identifying information found in this latest exposure. This has led to speculation that the current leak may be connected to an earlier 2021 incident where ShinyHunters claimed to possess data from 70 million AT&T customers, which the company initially denied before acknowledging in April 2024.
AT&T has stated "It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain. We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation."
