AT&T is resetting account passcodes after millions of customer records were leaked online
[ad_1]
Telephone giant AT&T TechCrunch has reset millions of customer account passcodes after a large amount of data containing AT&T customer records was dumped online earlier this month, TechCrunch has learned exclusively.
The US telecom giant has begun a mass passcode reset after TechCrunch reported AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customers’ accounts.
A security researcher who analyzed the leaked data told TechCrunch that encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher’s findings.
“AT&T has launched an aggressive investigation with support from internal and external cybersecurity experts,” AT&T said in a statement issued Saturday. Based on our preliminary analysis, the data set appears to date back to 2019 or earlier, and affects approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.
“AT&T has no evidence of unauthorized access to its systems resulting in the data set leak,” the statement read.
TechCrunch has paused publishing this story so AT&T can begin resetting customer account passcodes. AT&T also has a post on What customers can do to keep their accounts secure.
This is the first time AT&T has acknowledged that the leaked data belonged to its customers, nearly three years after a hacker claimed to have stolen 73 million AT&T customer records. AT&T denied that its systems had been hacked, but the source of the leak remained inconclusive.
“It is not yet known whether the data in those fields comes from AT&T or one of its vendors,” AT&T said on Saturday.
In 2021, the hacker who claimed to breach AT&T published only a small sample of logs, making it difficult to verify whether the data is real. Earlier in March, a data vendor posted the entirety of AT&T’s alleged 73 million records online on a well-known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have done so ever since They confirmed that their leaked account data is accurate.
The leaked data includes AT&T customers’ names, home addresses, phone numbers, dates of birth, and Social Security numbers.
The security researcher told TechCrunch that each record in the leaked data also contained an AT&T customer account passcode in an encrypted format. The researcher showed TechCrunch in a video call how they broke down the data into plain text account passcodes.
The researcher double-checked his findings by searching the records in the leaked data against AT&T account passcodes known only to them.
This is breaking news. More is coming…
[ad_2]
Source link