Three years after a hacker first teased an alleged large theft of AT&T buyer information, a breach vendor this week dumped the complete dataset on-line. It accommodates the private data of some 73 million AT&T clients.

A brand new evaluation of the totally leaked dataset — containing names, house addresses, telephone numbers, Social Safety numbers, and dates of start — factors to the info being genuine. Some AT&T clients have confirmed their leaked buyer information is correct. However AT&T nonetheless hasn’t stated how its clients’ information spilled on-line.

The hacker, who first claimed in August 2021 to have stolen tens of millions of AT&T clients’ information, solely revealed a small pattern of the leaked information on the time, making it troublesome to confirm its authenticity.

AT&T, the most important telephone service in america, stated again in 2021 that the leaked information “doesn’t seem to have come from our techniques,” but it surely selected to not speculate as to the place the info had originated or whether or not it was legitimate.

Troy Hunt, a safety researcher and proprietor of information breach notification website Have I Been Pwned, not too long ago obtained a replica of the complete leaked dataset. Hunt concluded the leaked information was actual by asking AT&T clients if their leaked information had been correct.

In a weblog put up analyzing the info, Hunt stated that of the 73 million leaked information, the info contained 49 million distinctive electronic mail addresses, 44 million Social Safety numbers, in addition to buyer dates of start.

When reached for remark, AT&T spokesperson Stephen Stokes informed TechCrunch in a press release: “We’ve got no indications of a compromise of our techniques. We decided in 2021 that the data provided on this on-line discussion board didn’t seem to have come from our techniques. This seems to be the identical dataset that has been recycled a number of occasions on this discussion board.”

The AT&T spokesperson didn’t reply to comply with up emails by TechCrunch asking if the alleged buyer information was legitimate or the place its clients’ information got here from.

As Hunt notes, the supply of the breach stays inconclusive. And it’s not clear if AT&T even is aware of the place the info got here from. Hunt stated it’s believable that the info originated both from AT&T or “a third-party processor they use or from one other entity altogether that’s solely unrelated.”

What is obvious is that even three years later, we’re nonetheless no nearer to fixing this thriller breach, nor can AT&T say how its clients’ information ended up on-line.

Investigating information breaches and leaks takes time. However by now AT&T ought to have the ability to present a greater clarification as to why tens of millions of its clients’ information is on-line for all to see.

TechCrunch’s Lorenzo Franceschi-Bicchierai contributed reporting.