©Syda Productions via Canva.com
AT&T Resets Account Passcodes After Big Leak of Millions of Customer Records Online
April 1, 2024
The telecommunications giant AT&T is resetting millions of customer account passcodes due to a huge leak of records online earlier this month.
AT&T started the large-scale passcode reset after being notified by TechCrunch last week that the leaked data held encrypted passcodes that could potentially be used to access AT&T customer accounts.
A security researcher who analyzed the leaked data revealed that the encrypted account passcodes were easily decipherable. TechCrunch promptly alerted AT&T to the security researcher’s findings.
AT&T said in a statement on Saturday, “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
The company added in the statement, “AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
AT&T has shared a post on its website to help customers keep their accounts secure.
A large number of passcodes for AT&T customers are four digits, and they’re used as a second layer of security when getting into a customer’s account.
This marks the first time the telecoms giant has acknowledged that “the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.” AT&T denied the breach at the time. The matter was not resolved or concluded with a definitive outcome.
On Saturday, AT&T said that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
Three years ago, the hacker claimed that the AT&T breach only exposed a small portion of records, making it an uphill battle to verify the authenticity of the data. However, toward the start of March this year, a data seller published the entire alleged 73 million AT&T records on a prominent cybercrime forum, leading to a more comprehensive analysis of the leaked data. Meanwhile, AT&T customers have verified the accuracy of their leaked account information.
The personal data leaked were customer names, phone numbers, dates of birth, home addresses, and Social Security numbers.
According to security researcher, Sam “Chick3nman” Croley, each record within the leaked data consisted of the AT&T customer’s account passcode in an encrypted format. Croley consolidated his findings by cross-referencing records in the leaked data with AT&T account passcodes known exclusively to him. Croley said that cracking the encryption cipher was unnecessary to decipher the passcode data.
Recent News
Kentucky Derby Celebration Spots in Las Vegas and Goldbelly Home Delivery
Las Vegas, though miles away from Louisville, gears up for the Kentucky Derby with a range of special offerings. From viewing parties to themed cocktails, the city joins the celebration of the sesquicentennial Run for the Roses. If you’re a resident of Kentucky, you can get Ready for the Kentucky Derby with Goldbelly.
New Nintendo Theme Park to Open in Orlando
It’s set to open in 2025.
Novo Noradisk Announces $6B Investment in Ozempic, Wegovy Amid Shortages
The money will help meet increased demand for the drugs.
EV Battery Tax Credit Rules Change in the US
The U.S. government has made some tweaks to electric vehicle (EV) tax credits, possibly paving the way for more EVs to qualify for credits of up to $7,500. These tax credits range from $3,750 to $7,500 for new EVs, with a $4,000 credit available for used ones.