← All articles

American Tower breach surfaces on Have I Been Pwned with 216,000 accounts

Data from a breach of American Tower, one of the largest wireless communications infrastructure companies, has been indexed by Have I Been Pwned, which added 216,601 affected accounts. The extortion group ShinyHunters is linked to the incident, consistent with its sweeping 2026 campaign that has used social engineering against staff to reach corporate systems and exfiltrate data at major enterprises. American Tower operates critical telecom infrastructure, making any exposure of employee or partner data a concern for follow-on phishing and targeted attacks. Exposed contact details are commonly reused for convincing phishing against affected individuals and the organization.

Check
People connected to American Tower should check Have I Been Pwned for their email and stay alert to phishing referencing the company; the organization should review how the data was accessed.
Affected
Individuals whose data was exposed in the American Tower breach (216,601 accounts indexed); exposed contact information supports targeted phishing against a company operating critical communications infrastructure.
Fix
Reset and avoid reusing affected passwords, enable phishing-resistant MFA, and treat unexpected messages referencing American Tower with caution. Organizations should harden help desks and accounts against social-engineering-driven access.