Yes — American Tower (americantower.com) was breached. The global telecommunications infrastructure company now appears on Have I Been Pwned with 216,601 accounts from a June 2026 ShinyHunters “pay or leak” extortion campaign.
HIBP added the breach on June 26, 2026. Published data allegedly includes more than 200,000 unique email addresses belonging to employees, contractors, customers, and leads, plus names, addresses, phone numbers, and job titles.
We scanned americantower.com to assess email and domain security posture after this leak.
What Happened
According to Have I Been Pwned:
- June 2026 — ShinyHunters targeted American Tower in a pay-or-leak extortion campaign.
- The group published data it claimed was taken from the company.
- 216,601 unique email addresses were exposed across employees, contractors, customers, and sales leads.
- Additional fields include names, physical addresses, phone numbers, and job titles.
- HIBP added the breach on June 26, 2026.
American Tower owns and operates wireless and broadcast communications sites worldwide — making contractor and carrier contact data strategically sensitive for supply-chain and site-access social engineering.

Breach Impact at a Glance
| Field | Detail |
|---|---|
| Victim | American Tower (americantower.com) |
| Sector | Telecommunications infrastructure |
| Threat actor | ShinyHunters |
| Accounts affected | 216,601 |
| Breach period | June 2026 |
| Added to HIBP | June 26, 2026 |
| Data types | Emails, names, job titles, addresses, phones |
Data at Risk
Exposed records may include:
- Employee and contractor emails with job titles — useful for spear-phishing site-access requests
- Customer and lead contact data for carrier and enterprise relationships
- Physical addresses tied to tower sites and regional offices
- Phone numbers for vishing and SMS OTP interception attempts
Telecom infrastructure vendors are high-value targets because compromised credentials can affect physical site access, maintenance windows, and carrier coordination workflows.

Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of americantower.com on July 5, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| americantower.com | 64% | 40% | 15% | 92% | Above Average |
Key findings:
- 64% overall (Above Average) — moderate posture, still below the 100% ideal for critical infrastructure vendors.
- 40% Identity & Spoofing — partial DMARC enforcement; spoofed
@americantower.commessages may reach contractors after this leak. - 15% Transport Security — no effective MTA-STS
mode=enforceor TLS-RPT reporting. - 92% Website Security — strong public-site headers, but email path hardening lags.
Audit link: americantower.com audit
Priority Actions
- Verify tower-site access, maintenance, and vendor payment requests through official channels.
- Check Have I Been Pwned if you hold an American Tower portal or contractor account.
- Carriers and tower vendors should enforce phishing-resistant MFA and monitor for impersonation of infrastructure staff.
- Review HIBP 2026 breaches and the ShinyHunters roundup.
Sources: HIBP — American Tower · EmailMeNow audit — americantower.com