AT&T Allegedly Pays Hacker $370,000 to Delete Stolen Customer Data
According to a report by Wired, AT&T has paid a hacker approximately $370,000 to delete customer data that was stolen as part of a recent hacking incident. The company negotiated the payment through an intermediary security researcher. The hacker, allegedly a member of the ShinyHunters hacking group, provided a video as proof of data deletion.
AT&T reportedly haggled the payment through a mediator known as Reddington, who represented the hacker. Originally requesting $1 million, the hacker eventually agreed to accept the lowered amount. On May 17th, AT&T paid the ransom in bitcoin. Wired also mentions that Reddington, compensated by AT&T for his involvement in negotiations, expressed belief that the complete copy of the data has been deleted after the ransom was paid. However, there remains a possibility that excerpts of the stolen data might still be circulating.
Notably, Reddington mentioned negotiating on behalf of other companies as well, suggesting that AT&T was not the only target. Prior to AT&T openly acknowledging the breach, the login credentials of a Snowflake employee, a third-party cloud storage company, had reportedly been taken and subsequently used to compromise Ticketmaster and Santander Bank. Wired reports that hackers employed a script to simultaneously target over 160 companies following the Ticketmaster breach.