AT&T says 7.6 million current customers were affected by a recent leak in which sensitive data was released on the dark web, along with 65.4 million former account holders. TechCrunch first reported on Saturday morning that the company has reset the passcodes of all affected active accounts, and AT&T confirmed the move in an update published on its support page. The data set, which AT&T says “appears to be from 2019 or earlier,” includes names, home addresses, phone numbers, dates of birth and Social Security numbers, according to TechCrunch.
TechCrunch reports that it alerted AT&T about the potential for the leaked data to be used to access customers accounts on Monday, after a security researcher discovered that the records included easily decipherable encrypted passcodes. AT&T said today that it’s “launched a robust investigation supported by internal and external cybersecurity experts.” The data appeared on the dark web about two weeks ago, according to AT&T.
It comes three years after a hacker known as ShinyHunters claimed in 2021 that they’d obtained the account data of 73 million AT&T customers. AT&T at the time told BleepingComputer that it had not suffered a breach and that samples of information shared by the hacker online did “not appear to have come from our systems.” The company now says that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.” So far, it “does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
AT&T says it will reach out to both current and former account holders who have been affected by the leak. The company also says it will offer credit monitoring to those customers “where applicable.”
This article originally appeared on Engadget at https://www.engadget.com/att-resets-millions-of-customers-passcodes-after-account-info-was-leaked-on-the-dark-web-160842651.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics
Testing by Microsoft revealed a major vulnerability in the Android version of TikTok. The exploit could give attackers full access to a user’s account.
Android | Digital Trends
The Google Play Store has gotten rid of a popular feature, resulting in a fan outcry and confusion.
Android | Digital Trends
If you recently bought something from Razer, you'll want to keep an eye on your email inbox for suspicious links. According to security researcher Bob Diachenko, the company recently misconfigured one of its Elasticsearch servers, leaving the sensiti…
Engadget RSS Feed
Tesla has a rough history with leakers, and it's apparently eager to remind employees of that fact. CNBC said it had obtained an email from Tesla's security team (yes, the irony is thick) warning staff against leaking sensitive information. The messa…
Engadget RSS Feed
You now have access to a treasure trove of government info through your smart speaker if you live in the UK. The British government has made over 12,000 pieces of Gov.uk information available through Alexa and Google Assistant, saving you the troubl…
Engadget RSS Feed
Google's semi-defunct social media platform Google+ has suffered its second data breach in three months and, as a result, will be completely shuttered in April, four months earlier than previously planned.
Engadget RSS Feed
Today The Centers for Medicare & Medicaid Services (CMS) announced that Healthcare.gov, the federally operated health insurance marketplace, has suffered a data breach. Apparently it detected "anomalous system activity" in a tool that's supposed…
Engadget RSS Feed
The New York City Council voted in support of regulation that would force Airbnb, HomeAway and other short-term rental services to hand over about hosts using their sites. State law already prohibits rentals of most apartments for less than 30 days u…
Engadget RSS Feed
News that someone exploited an Instagram security hole to steal info from some of its most popular accounts got worse when they began selling it. The Verge reports this dark web service is no longer available, but The Daily Beast chatted with operato…
Engadget RSS Feed
A month ago, the Department of Justice served a warrant (PDF) to Dreamhost regarding one of its clients. This is routine for law enforcement to make such requests, the website hosting service said in a blog post — except the page in question, disrup…
Engadget RSS Feed
Earlier today several images showed up that supposedly reveal the design of the forthcoming LG V30 smartphone. Turns out that was not the only LG manufactured device to be the subject of the rumor mill. A new image also surfaced that claims to be the next Google Pixel XL device. Along with the image and […]
Come comment on this article: New image of Pixel XL 2 shows up along with info on features
Yesterday we posted a new video outlining our wish list for the new Google Pixel smartphones coming to market in early October. Although it does not look like we have much more clarity regarding the items we are hoping for, several new pieces of data about the devices have surfaced over the past day as […]
Come comment on this article: A whole bunch of new Google Pixel device info surfaces