A threat actor is allegedly selling live access to the core infrastructure of AT&T, a major American multinational telecommunications company headquartered in Dallas, Texas. AT&T is one of the largest telecommunications providers in the United States, offering mobile and fixed-line services to millions of customers. The seller claims to have established a persistent foothold within the company’s Tier 1 infrastructure, gaining interactive read/write access to a database containing the information of approximately 24 million active subscribers. This level of access would allegedly enable the perpetrator to conduct SIM swaps and intercept One-Time Passwords (OTPs), posing a severe security risk to affected customers.
According to the post on a dark web forum, the threat actor has maintained their presence within AT&T’s systems for over three weeks without being detected. As proof of their claims, they shared a screenshot of what appears to be a database management tool showing subscriber data. The actor emphasized that this is not a static data leak but a live, interactive system with real-time synchronization, which they are offering for sale for $100,000 in Bitcoin. The exposed data fields allegedly include:
- Phone Number
- Device Type (iPhone/Android)
- Registration Date
- Last Activity Date
- Account Status