CISA Hacked and over 70m files leaked online from AT&T database


In February of this year, the Cybersecurity and Infrastructure Security Agency (CISA) revealed that its systems had been compromised by hackers, exploiting vulnerabilities within Ivanti products utilized by the federal agency.

According to a CISA spokesperson, flaws within Ivanti Connect Secure and Ivanti Policy Secure Gateways are being actively exploited by hackers. Businesses employing these software platforms are advised to remain vigilant regarding cybersecurity developments, as these vulnerabilities could permit hackers to manipulate configuration settings and tamper with security measures on registered devices, potentially resulting in the theft of Personally Identifiable Information (PII).

This breach raises concerns about the security of CISA, the primary agency responsible for investigating cybercrimes, and may lead to a loss of trust in its operations in the near future.

In a concerning turn of events, hackers have recently exposed approximately 70 million records associated with AT&T users, offering them for sale online. These records, containing sensitive information such as social security numbers, dates of birth, addresses, emails, and phone numbers, were apparently obtained through cyber attacks targeting the telecom giant in 2021.

The exact motive behind this recent data dump remains unclear. However, it’s worth noting that in August 2021, a cybercriminal group known as ‘Shiny Hunters’ claimed responsibility for breaching AT&T’s database and stealing records of over 70 million users. Subsequently, they advertised the sale of this data for $1 million.

Initially, AT&T dismissed media reports of the breach as unsubstantiated. However, in January 2022, the telecom company confirmed the validity of the leak.

Adding to the turmoil, another cybercriminal group recently asserted that they had compromised data pertaining to over 9 million wireless customers. Upon investigation by the internet service provider, it was discovered that the criminals had accessed customer proprietary network information in January 2023.

Ad



Source link