Back to news
Cybersecurity Alert
July 5, 2026 by EmailMeNow IT Consulting

Was American Tower Breached? We Scanned Their Domain Security

American Tower appears on Have I Been Pwned with 216,601 accounts after a ShinyHunters pay-or-leak campaign. Independent audit scores americantower.com at 64% with 15% transport security.

Source: Have I Been Pwned

NewsData BreachShinyHuntersTelecommunicationsCybersecurity
Telecommunications tower infrastructure company targeted by ShinyHunters data breach

Yes — American Tower (americantower.com) was breached. The global telecommunications infrastructure company now appears on Have I Been Pwned with 216,601 accounts from a June 2026 ShinyHunters “pay or leak” extortion campaign.

HIBP added the breach on June 26, 2026. Published data allegedly includes more than 200,000 unique email addresses belonging to employees, contractors, customers, and leads, plus names, addresses, phone numbers, and job titles.

We scanned americantower.com to assess email and domain security posture after this leak.

What Happened

According to Have I Been Pwned:

  • June 2026 — ShinyHunters targeted American Tower in a pay-or-leak extortion campaign.
  • The group published data it claimed was taken from the company.
  • 216,601 unique email addresses were exposed across employees, contractors, customers, and sales leads.
  • Additional fields include names, physical addresses, phone numbers, and job titles.
  • HIBP added the breach on June 26, 2026.

American Tower owns and operates wireless and broadcast communications sites worldwide — making contractor and carrier contact data strategically sensitive for supply-chain and site-access social engineering.

Illustration: ShinyHunters extortion leak of telecom tower company contact database

Breach Impact at a Glance

FieldDetail
VictimAmerican Tower (americantower.com)
SectorTelecommunications infrastructure
Threat actorShinyHunters
Accounts affected216,601
Breach periodJune 2026
Added to HIBPJune 26, 2026
Data typesEmails, names, job titles, addresses, phones

Data at Risk

Exposed records may include:

  • Employee and contractor emails with job titles — useful for spear-phishing site-access requests
  • Customer and lead contact data for carrier and enterprise relationships
  • Physical addresses tied to tower sites and regional offices
  • Phone numbers for vishing and SMS OTP interception attempts

Telecom infrastructure vendors are high-value targets because compromised credentials can affect physical site access, maintenance windows, and carrier coordination workflows.

Illustration: telecom employee contractor and customer contact data exposed in breach

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of americantower.com on July 5, 2026:

DomainOverallIdentityTransportWebsiteRisk
americantower.com64%40%15%92%Above Average

Key findings:

  • 64% overall (Above Average) — moderate posture, still below the 100% ideal for critical infrastructure vendors.
  • 40% Identity & Spoofing — partial DMARC enforcement; spoofed @americantower.com messages may reach contractors after this leak.
  • 15% Transport Security — no effective MTA-STS mode=enforce or TLS-RPT reporting.
  • 92% Website Security — strong public-site headers, but email path hardening lags.

Audit link: americantower.com audit

Priority Actions

  • Verify tower-site access, maintenance, and vendor payment requests through official channels.
  • Check Have I Been Pwned if you hold an American Tower portal or contractor account.
  • Carriers and tower vendors should enforce phishing-resistant MFA and monitor for impersonation of infrastructure staff.
  • Review HIBP 2026 breaches and the ShinyHunters roundup.

Sources: HIBP — American Tower · EmailMeNow audit — americantower.com