AT&T says 7.6 million current customers were affected by a recent leak in which sensitive data was released on the dark web, along with 65.4 million former account holders. TechCrunch first reported on Saturday morning that the company has reset the passcodes of all affected active accounts, and AT&T confirmed the move in an update published on its support page. The data set, which AT&T says “appears to be from 2019 or earlier,” includes names, home addresses, phone numbers, dates of birth and Social Security numbers, according to TechCrunch.
TechCrunch reports that it alerted AT&T about the potential for the leaked data to be used to access customers accounts on Monday, after a security researcher discovered that the records included easily decipherable encrypted passcodes. AT&T said today that it’s “launched a robust investigation supported by internal and external cybersecurity experts.” The data appeared on the dark web about two weeks ago, according to AT&T.
It comes three years after a hacker known as ShinyHunters claimed in 2021 that they’d obtained the account data of 73 million AT&T customers. AT&T at the time told BleepingComputer that it had not suffered a breach and that samples of information shared by the hacker online did “not appear to have come from our systems.” The company now says that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.” So far, it “does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
AT&T says it will reach out to both current and former account holders who have been affected by the leak. The company also says it will offer credit monitoring to those customers “where applicable.”
This article originally appeared on Engadget at https://www.engadget.com/att-resets-millions-of-customers-passcodes-after-account-info-was-leaked-on-the-dark-web-160842651.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
It’s been a pretty bad month for security-minded people, and it’s not getting better. Apparently there’s some new Android malware floating around, and it goes beyond your average annoying app on the Play Store that just serves up a bunch of intrusive ads. This new malware, dubbed xHelper, is apparently exploiting some flaws in Android […]
Come comment on this article: This Android malware is impossible to uninstall and somehow survives factory resets
StockX isn't the only company that appears to have warned users about a data breach through password resets. T-shirt seller CafePress has been asking customers to choose new passwords as part of an updated "password policy," but the news came soon a…
Engadget RSS Feed