AT&T Resets Account Passcodes After Big Leak of Millions of Customer Records Online

The telecommunications giant AT&T is resetting millions of customer account passcodes due to a huge leak of records online earlier this month.

AT&T started the large-scale passcode reset after being notified by TechCrunch last week that the leaked data held encrypted passcodes that could potentially be used to access AT&T customer accounts.

A security researcher who analyzed the leaked data revealed that the encrypted account passcodes were easily decipherable. TechCrunch promptly alerted AT&T to the security researcher’s findings.

AT&T said in a statement on Saturday, “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

The company added in the statement, “AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”

AT&T has shared a post on its website to help customers keep their accounts secure.

A large number of passcodes for AT&T customers are four digits, and they’re used as a second layer of security when getting into a customer’s account.

This marks the first time the telecoms giant has acknowledged that “the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.” AT&T denied the breach at the time. The matter was not resolved or concluded with a definitive outcome.

On Saturday, AT&T said that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”

Three years ago, the hacker claimed that the AT&T breach only exposed a small portion of records, making it an uphill battle to verify the authenticity of the data. However, toward the start of March this year, a data seller published the entire alleged 73 million AT&T records on a prominent cybercrime forum, leading to a more comprehensive analysis of the leaked data. Meanwhile, AT&T customers have verified the accuracy of their leaked account information.

The personal data leaked were customer names, phone numbers, dates of birth, home addresses, and Social Security numbers.

According to security researcher, Sam “Chick3nman” Croley, each record within the leaked data consisted of the AT&T customer’s account passcode in an encrypted format. Croley consolidated his findings by cross-referencing records in the leaked data with AT&T account passcodes known exclusively to him. Croley said that cracking the encryption cipher was unnecessary to decipher the passcode data.