Phone giant AT&T is reseting customer account passcodes after a huge cache of data containing millions of customer records was dumped online earlier this month, TechCrunch has exclusively learned.
The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.
A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher’s findings.
In a statement provided Saturday, AT&T said: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.
TechCrunch held the publication of this story until AT&T could begin reseting customer account passcodes.
This is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records. Until now, AT&T had denied a breach of its systems, but the source of the leak remained inconclusive.
In 2021, the hacker claiming the AT&T breach posted only a small sample of records, making it difficult to check if the data was authentic. Earlier in March, a data seller published the full 73 million alleged AT&T records online on a known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have since confirmed that their leaked account data is accurate.
The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.
The security researcher told TechCrunch that each record in the leaked data also contains the AT&T customer’s account passcode in an encrypted format. The researcher demonstrated to TechCrunch in a video call how they unscrambled the data into plaintext account passcodes.
The researcher double-checked their findings by looking up records in the leaked data against AT&T account passcodes known only to them.
This is breaking news. More to come…