Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

AT&T Denies Data Breach After Hacker Auctions 70 Million User Database

AT&T Denies Data Breach After Hacker Auctions 70 Million User Database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers. 

The threat actor, known as ShinyHunters, began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.

Threat actor selling AT&T database on a hacking forum

Also Read: Vulnerability Management For Cybersecurity Dummies

From the samples shared by the threat actor, the database contains customers’ names, addresses, phone numbers, Social Security numbers, and date of birth.

A security researcher who wishes to remain anonymous told BleepingComputer that two of the four people in the samples were confirmed to have accounts on

Other than these few details, not much is known about the database, how it was acquired, and whether it is authentic.

However, ShinyHunters is a well-known threat actor with a long history of compromising websites and developer repositories to steal credentials or API keys. This authentication is then used to steal databases, which they then sell directly to other threat actors or utilize a middle-man data breach seller.

In many cases, when a database is not sold, ShinyHunters will release it for free on hacker forums.

In the past, ShinyHunters has breached numerous companies, including WattpadTokopediaMicrosoft’s GitHub accountBigBasketNitro PDFPixlrTeeSpringPromo.comMathway, and many more.

AT&T denies suffering a breach

After learning of the threat actor’s claims, BleepingComputer reached out to AT&T to see if the data belonged to them.

In multiple emails, AT&T has told BleepingComputer that the data is not from their systems and has not recently been breached.

“Based on our investigation today, the information that appeared in an internet chat room does not appear to have come from our systems.” – AT&T.

When asked whether the data may have come from a third-party partner, AT&T chose not to speculate.

“Given this information did not come from us, we can’t speculate on where it came from or whether it is valid,” AT&T told us in a follow-up email.

ShinyHunters has told BleepingComputer that they are not surprised that AT&T denies the breach and continues to state that it comes from them.

“I don’t care if they don’t admit. I’m just selling,” ShinyHunters told BleepingComputer.

While ShinyHunters states that they did not contact AT&T, they said they are willing to “negotiate” with the company.

When we asked the threat actor for further information about the breach, ShinyHunters refused to provide any other details.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

This news comes soon after a different threat actor tried to sell the stolen data of 100 million T-Mobile customers.

T-Mobile latest confirmed they were hacked, and the cyberattack exposed the personal data of 48 million T-Mobile customers.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us