AT&T has taken swift action after a massive security breach has exposed millions of its customer’s records online. This exclusive report from TechCrunch reveals that the telecom giant has initiated a mass reset of account passcodes following the discovery that the leaked data includes encrypted passcodes that can be used to access customer accounts.
According to TechCrunch, a security researcher who analyzed the leaked data found that the encrypted passcodes were easy to decipher, leading to immediate action from AT&T. The telecom company was made aware of the security researcher’s findings and quickly launched an investigation supported by internal and external cybersecurity experts.
“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T said in a statement provided on Saturday.
“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement continued.
TechCrunch chose to withhold this story until AT&T could begin resetting customer account passcodes, highlighting the seriousness of the situation. It was only recently that AT&T acknowledged that the leaked data did, in fact, belong to its customers – nearly three years after a hacker claimed to have stolen 73 million AT&T customer records. Until now, AT&T had denied any breach in its systems.
In March, a data seller posted the full 73 million alleged AT&T records on a known cybercrime forum, providing a more comprehensive analysis of the leaked data. It has since been confirmed by AT&T customers that their leaked account data is accurate, revealing personal information such as names, home addresses, phone numbers, dates of birth, and Social Security numbers.
The security researcher who analyzed the leaked data also discovered that each record included encrypted account passcodes. In a video call with TechCrunch, the researcher demonstrated how they were able to unscramble the data into plaintext passcodes. To further validate these findings, the researcher cross-checked the records against account passcodes known only to them.
This breaking news is ongoing, and more updates will follow as the situation unfolds.
