AT&T resets account passcodes after millions of customer records leak online

Phone giant AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned.

The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.

A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher’s findings.

In a statement provided Saturday, AT&T said: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.

TechCrunch held the publication of this story until AT&T could begin reseting customer account passcodes. AT&T also has a post on what customers can do to keep their accounts secure.

This is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records. AT&T had denied a breach of its systems, but the source of the leak remained inconclusive.

AT&T said Saturday that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”

In 2021, the hacker claiming the AT&T breach posted only a small sample of records, making it difficult to check if the data was authentic. Earlier in March, a data seller published the full 73 million alleged AT&T records online on a known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have since confirmed that their leaked account data is accurate.

The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.

The security researcher told TechCrunch that each record in the leaked data also contains the AT&T customer’s account passcode in an encrypted format. The researcher demonstrated to TechCrunch in a video call how they unscrambled the data into plaintext account passcodes.

The researcher double-checked their findings by looking up records in the leaked data against AT&T account passcodes known only to them.

This is breaking news. More to come…

Leave a Reply

Your email address will not be published. Required fields are marked *