InfoSecBulletin Cybersecurity for mankind
AT&T paid a hacker over $300,000 to delete stolen call records and prove the deletion with a video. The hacker from the ShinyHunters group said that AT&T paid the ransom in May. He gave the address of the cryptocurrency wallet where the payment was sent and the address that received it. WIRED confirmed the payment transaction on May 17, which involved 5.7 bitcoin.
Chris Janczewski from TRM Labs confirmed that a transaction of about 5.72 bitcoin, worth $373,646, took place and the money was laundered through different cryptocurrency exchanges and wallets. However, the person controlling the wallets is unknown.
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter
A security researcher, known as Reddington, confirmed that a payment took place. The hacker asked Reddington to be the intermediary for their negotiation with AT&T, and Reddington received a fee from AT&T for this role. Reddington showed WIRED evidence of the fee payment. The hacker initially asked for $1 million from AT&T, but eventually settled for a third of that amount.
WIRED watched a video. The hacker claims that he showed the video to AT&T to prove that he had deleted their stolen data. AT&T did not comment when WIRED asked for a response.
It was indirectly through Reddington that AT&T learned about the data theft three months ago.
Reddington was contacted by an American hacker living in Turkey, who claimed to have obtained Reddington’s AT&T call logs. The hacker also said he had accessed call and texting logs of millions of other AT&T customers through a poorly secured cloud storage account. Reddington reported the breach to security firm Mandiant, who then informed AT&T. AT&T stated it first learned of the breach in April, according to a regulatory filing with the Securities and Exchange Commission.
Reddington believes that the AT&T dataset, allegedly stolen by Binns, has been deleted. This is because the hacker and Binns stored the data in a shared cloud server, and the hacker removed it from there.
Source: Wired
