©Syda Productions via Canva.com
AT&T Resets Account Passcodes After Big Leak of Millions of Customer Records Online
April 1, 2024
The telecommunications giant AT&T is resetting millions of customer account passcodes due to a huge leak of records online earlier this month.
AT&T started the large-scale passcode reset after being notified by TechCrunch last week that the leaked data held encrypted passcodes that could potentially be used to access AT&T customer accounts.
A security researcher who analyzed the leaked data revealed that the encrypted account passcodes were easily decipherable. TechCrunch promptly alerted AT&T to the security researcher’s findings.
AT&T said in a statement on Saturday, “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
The company added in the statement, “AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
AT&T has shared a post on its website to help customers keep their accounts secure.
A large number of passcodes for AT&T customers are four digits, and they’re used as a second layer of security when getting into a customer’s account.
This marks the first time the telecoms giant has acknowledged that “the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.” AT&T denied the breach at the time. The matter was not resolved or concluded with a definitive outcome.
On Saturday, AT&T said that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
Three years ago, the hacker claimed that the AT&T breach only exposed a small portion of records, making it an uphill battle to verify the authenticity of the data. However, toward the start of March this year, a data seller published the entire alleged 73 million AT&T records on a prominent cybercrime forum, leading to a more comprehensive analysis of the leaked data. Meanwhile, AT&T customers have verified the accuracy of their leaked account information.
The personal data leaked were customer names, phone numbers, dates of birth, home addresses, and Social Security numbers.
According to security researcher, Sam “Chick3nman” Croley, each record within the leaked data consisted of the AT&T customer’s account passcode in an encrypted format. Croley consolidated his findings by cross-referencing records in the leaked data with AT&T account passcodes known exclusively to him. Croley said that cracking the encryption cipher was unnecessary to decipher the passcode data.
Recent News
Truckers File Lawsuit Against NYC Congestion Pricing
The fees will be imposed on all drivers beginning June 30.
Two Planes Narrowly Collide at Reagan National Airport
This is the second time this type of incident has occurred in two months at the same airport.
Orange Juice Prices Soar, Producers Consider Alternatives
Orange juice producers are grappling with a significant challenge as soaring prices driven by a global shortage of oranges prompt them to consider alternative fruits for making the popular breakfast beverage.
Jeep’s New Wagoneer S Trailhawk Concept Is an All-Electric SUV
Jeep has unveiled the Wagoneer S Trailhawk concept, an all-electric SUV that combines off-road capability with modern electric technology.