In an audacious cyberattack, a hacker named "kiberphanT0m" has reportedly leaked phone numbers and private call logs allegedly belonging to high-profile U.S. figures, including Vice President Kamala Harris and former President Donald Trump's family. The leak, intended to pressure telecom giant AT&T, escalates the hacker's demands and raises serious security concerns.
The hacker posted the data on a well-known hacking forum, with an ultimatum: AT&T must comply with their demands, or more sensitive information will be leaked. The leak allegedly includes contact numbers for members of the Trump family, such as First Lady Melania Trump and Trump's daughters, Ivanka and Tiffany, along with numbers tied to Trump's Mar-a-Lago estate. Accompanying the leaked information, the hacker issued a warning to AT&T, demanding contact through encrypted messaging app Telegram or a private forum message.
According to cybersecurity sources, kiberphanT0m's threat is an attempt to secure the release of accomplice Alexander "Connor" Moucka, alias "Waifu," who was recently detained in Canada. Moucka, a 26-year-old software engineer, faces extradition to the U.S. on multiple cybercrime charges, including alleged extortion of major corporations such as AT&T, Santander Bank, and Live Nation's Ticketmaster. Moucka reportedly targeted these companies through breaches on the data warehousing platform Snowflake, which stores vast amounts of client data. The current hack and leak are reportedly connected to ongoing demands for Moucka's release, a pattern seen in past cyber incidents orchestrated by affiliated hacker groups.
KiberphanT0m's post on the forum included a sample of call logs purportedly showing Vice President Harris's communication with her pastor, civil rights leader Amos Brown, and her campaign co-chair Cedric Richmond. Although the hacker's shared download link has since expired, U.S.-based news outlet The Nightly verified the authenticity of one leaked number by briefly reaching Richmond. This preliminary validation indicates the hacker may possess actual data linked to prominent figures, though the full scope remains uncertain. The Nightly declined to publish specific call logs due to privacy concerns, but the confirmation has intensified media attention around the leak.
The cybercriminal's ultimatum also carried the hashtag #FREEWAIFU, a direct reference to Moucka's alias in online hacking communities. Moucka, also known by other handles like "Judische," is alleged to have led a hacking ring responsible for a series of major data breaches, including the well-publicized Snowflake incident. The Snowflake breaches exposed sensitive data from over 165 clients, including records from AT&T, Santander, and Ticketmaster, marking one of the largest data compromises in recent history. Moucka allegedly attempted to extort targeted companies, threatening to release stolen data if ransom demands went unmet. Reports indicate that some firms, including AT&T, paid the ransom to safeguard their data from public exposure.
In response to previous data breaches, AT&T publicly acknowledged that customer call and text records, dating from May to October 2022, were among the compromised information. This disclosure included records from both cellular and landline customers interacting with its wireless network and virtual mobile operators. AT&T also admitted that records from early January 2023 were exposed for a smaller subset of customers. Despite repeated incidents, AT&T has declined to provide further commentary on the current threat by kiberphanT0m, with corporate communications director Jim Kimberly stating, "We are not commenting."
Adding further gravity to the situation, the hacker's post included an unverified claim that AT&T had previously paid to remove surveillance data linked to the National Security Agency (NSA). While the NSA link remains unproven, the implication underscores ongoing concerns around AT&T's data security measures and its ability to protect sensitive governmental information.
Following Moucka's arrest in Kitchener, Ontario, cybersecurity experts and law enforcement agencies, including the Australian Federal Police, have coordinated on an extensive investigation. Moucka appeared via audio link for an initial extradition hearing on October 30 but disclosed that he had not yet secured legal representation. He is expected to apply for legal aid in anticipation of his trial in the U.S., where he could face additional charges related to the cyberattacks on Snowflake and other global corporations.
India Today's OSINT team reviewed the leaked information and identified some of the phone numbers as belonging to "Kamala Harris," "Melania Trump," and "Ivanka Trump" through Truecaller, an app that cross-references public databases. Additionally, contact details labeled "The Trump Organ" appear to correspond to Tiffany Trump's information. The sample call records highlight call patterns, showing Harris's frequent communication with her spiritual advisor and Trump family members' regular calls among themselves, offering a glimpse into the personal lives of these prominent individuals.
In July, AT&T publicly acknowledged its exposure to at least two major data breaches within the year, one in March and another in July, during which customer data on calls and texts was compromised. These breaches, which impacted almost all cellular customers and a portion of landline users, raise critical questions regarding the security protocols of telecommunications providers and the potential implications for national security if sensitive data is mismanaged or exposed.
The U.S. Department of Justice, as well as representatives for both Trump and Harris, have yet to issue official responses to the latest leak. As the investigation continues, cybersecurity specialists are on high alert for further developments from the hacker, while calls for stronger corporate data safeguards have intensified in light of the alarming scope of these breaches.