AT&T logo

How to check if your data was exposed in the AT&T breach

AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected.

For those that have missed the story so far:

  • Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T.
  • On March 20, 2024, we reported how the data of over 70 million people was posted for sale on an online cybercrime forum. The seller claimed the data came from the Shiny Hunters breach. However, AT&T denied (both in 2021 and in March, 2024) that the data came from its systems.
  • On March 30, AT&T reset customer passcodes after a security researcher discovered the encrypted login passcodes found in the leaked data were easy to decipher.
  • Finally, on April 2, 2024, AT&T confirmed that 73 million current and former customers were caught up the data leak.

Weirdly enough, in the data breach notification, AT&T says the date of discovery of the breach was March 26, 2024. AT&T has still not disclosed the source of the leak, but says the data appears to be from June 2019 or earlier.

Malwarebytes VP of Consumer Privacy, Oren Arar, describes the AT&T breach as “especially risky” because of the type of data that’s been exposed.

“SSN, name, date of birth—this is personal identifiable information (PII) that cannot be changed, and if scammers get their hands on it, it just makes their work in stealing people’s identities a lot easier. In addition, this exposed data was published on the internet – in a way that anyone could access it, and not on the dark web where you need some expertise to find it”.

Check if your data was exposed

Malwarebytes has an easy, free tool—the Malwarebytes Digital Footprint Portal—that allows you to check if your data was exposed in the AT&T breach. Simply click the button below, enter your email address, and follow the prompts on the screen.

After our tool completes a digital footprint analysis on the internet and the dark web, you will be presented with a small graphic that directly addresses your involvement in the AT&T breach, with other relevant information.

The Digital Footprint Portal reveals what information about a person is available online.

When receiving your Digital Footprint Portal results, a pink bubble with the words “Exposed on AT&T breach” mean that your information was affected in the AT&T breach.

A green bubble with the words “Not exposed on AT&T breach” mean that your information was not affected in the AT&T breach—but it may still have been leaked through various, other breaches, which our tool can provide more information on.

Two possible results from the Digital Footprint Portal about a person’s exposure in the AT&T breach

Click the button below to begin your free, digital scan.

We will keep you posted of any new developments in this case. Stay tuned!

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.