New York/New Delhi: A hacker has reportedly released phone numbers allegedly linked to U.S. Vice President Kamala Harris and several family members of President-elect Donald Trump in an extortion scheme targeting telecom giant AT&T.
The cybercriminal, operating on a hacking forum, leaked call logs reportedly tied to First Lady-in-waiting Melania Trump, Trump’s daughters Ivanka and Tiffany, and even a number associated with the Mar-a-Lago resort in Florida. The call logs appear to date back to 2022.
In a message to AT&T, the hacker demanded the company initiate contact for ransom negotiations, threatening to release “all presidential government call logs” if ignored. In an earlier post, the hacker alleged that AT&T paid a ransom to remove sensitive surveillance data from the National Security Agency (NSA).
According to reports, the Open-Source Intelligence (OSINT) team at Indian media outlet India Today analyzed a sample data tranche, reviewing over 2,000 phone numbers and call records. Using the caller identification app Truecaller, the team identified three numbers in the leaked data as belonging to “Kamala Harris”, “Melania Trump”, and “Ivanka Trump”. Tiffany Trump’s number was identified as “The Trump Organ”.
The sample data revealed call patterns indicating frequent communication between Harris and her spiritual mentor, civil rights leader Amos Brown. Tiffany Trump’s calls were often directed to her mother, Marla Maples, Trump’s second wife. U.S. publication The Nightly verified a leaked number identified as belonging to Harris’s campaign co-chair, Cedric Richmond, adding credibility to the data.
The hacker, known as “Kiberphantom”, has previously been involved in high-profile data breaches, including a major leak from the public telecom provider Bharat Sanchar Nigam Limited (BSNL) in India.
Connection to Arrested Hacker
The hacker demanded the release of an individual known as “Waifu”, an alias for Alexander “Connor” Moucka. Moucka, apprehended in Canada last week, is facing extradition to the United States on charges related to corporate extortion. Authorities believe he heads a hacking group that has orchestrated multiple breaches, targeting customers of data storage company Snowflake.
Snowflake, which holds large volumes of data for corporate clients such as AT&T, was the subject of a cyberattack impacting around 164 customers, including Santander Bank, Live Nation Entertainment, and Ticketek.
Also Read | Thousands Evacuate as Southern California Wildfires Ravage Homes and Landscape
AT&T confirmed two data breaches in March and July 2024. In a July 12 statement, the company acknowledged that compromised files contained call and text records from nearly all of AT&T’s cellular customers, as well as those using mobile virtual network operators (MVNOs) on AT&T’s network. The data breach also affected AT&T’s landline customers who interacted with cellular numbers during the period from May 1, 2022, to October 31, 2022.
The company added, “The compromised data includes records from January 2, 2023, for a very small number of customers.”
