Mobile phone giant AT&T has reset the passcodes on millions of customer accounts after a huge cache of data containing AT&T customer records was leaked online earlier this month, TechCrunch has learned exclusively. .
The US telecom giant announced a mass passcode reset after TechCrunch notified AT&T on Monday that the leaked data included encrypted passcodes that could be used to access AT&T customer accounts. It started.
Security researchers who analyzed the leaked data told TechCrunch that encrypted account passcodes are easy to crack. TechCrunch alerted AT&T to the security researchers' findings.
In a statement filed Saturday, AT&T said: Based on our preliminary analysis, this dataset appears to date back to 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders. ”
“AT&T has no evidence of unauthorized access to its systems that resulted in the exfiltration of data sets,” the statement said.
TechCrunch held off on publishing this article until AT&T can begin resetting passcodes on customer accounts. AT&T also posted about what customers can do to keep their accounts safe.
AT&T customer account passcodes are typically four digits and are used as an additional layer of security when accessing a customer's account at a retail store or online, such as when calling AT&T customer service.
Nearly three years after hackers claimed to have stolen 73 million AT&T customer records, this is the first time AT&T has acknowledged that the leaked data belonged to its customers. Although AT&T denied compromising its systems, the cause of the breach remained inconclusive.
“It is not yet clear whether the data in these areas comes from AT&T or its vendors,” AT&T said Saturday.
In 2021, hackers claiming to have breached AT&T posted only a small sample of their records, making it difficult to verify whether the data was authentic. In early March, a data seller published all of his 73 million AT&T records online on a known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have since confirmed that their leaked account data is accurate.
The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth, and Social Security numbers.
The security researcher told TechCrunch that each record of the leaked data also contained the passcode for an AT&T customer's account in encrypted form. Researchers double-checked their findings by matching the records in the leaked data to her AT&T account passcode, known only to the researchers.
This is breaking news. Even more in the future…