AT&T has reset millions of customers’ account passcodes following the discovery of a significant data dump containing AT&T customer records earlier this month.
The leaked data includes sensitive details such as encrypted account passcodes, along with names, home addresses, phone numbers, dates of birth, and Social Security numbers of both current and former AT&T customers. The breach impacts around 7.6 million current account holders and an estimated 65.4 million former account holders, with indications that the compromised data originates from the year 2019 or earlier.
How Was the AT&T Data Leak Uncovered?
The situation came to AT&T’s attention following a report by TechCrunch, which was informed by the analysis of security researcher Sam “Chick3nman” Croley. Croley discovered that the encrypted passcodes contained within the leaked data could be relatively easily decrypted.
This revelation led AT&T to initiate a comprehensive investigation with the aid of both internal and external cybersecurity experts. Despite the ongoing investigation, AT&T has confirmed that there has been no evidence of unauthorized access to its systems that could have led to the data being infiltrated.
What Measures Has AT&T Taken to Secure Accounts?
AT&T has undertaken several measures to enhance account security and address potential risks:
- Resetting of Account Passcodes: Account passcodes for affected current customers have been reset to prevent unauthorized access.
- Direct Contact with Affected Customers: AT&T is committed to directly contacting all affected current customers to inform them about the breach and the steps being taken.
- Guidance on Account Security: The company has provided guidance to customers on how to further secure their accounts and protect against unauthorized access.
- Advisory on Fraud Alert Accounts: Affected users are advised to set up fraud alert accounts to monitor their account activity and credit reports for any signs of unauthorized or suspicious activity.
The leaked information is notable for including a variety of personal details, with account passcodes being of particular concern due to their encrypted but decipherable nature. According to Croley, the encryption of these passcodes did not employ sufficient randomness, making it possible to deduce a customer’s four-digit passcode from other personal information included in the leak.
AT&T’s acknowledgment of the data breach comes after initial denials following claims by a hacker in 2021 regarding the theft of 73 million AT&T customer records. Although the company had previously denied a breach of its systems, the recent leak and subsequent analysis have confirmed the authenticity of the compromised customer data.
The company has yet to determine the exact source of the leak, leaving open the question of whether the data originated from AT&T directly or one of its vendors. This incident has prompted AT&T to advise affected users to set up fraud alert accounts and to vigilantly monitor their account activity and credit reports for signs of unauthorized activity.
This cybersecurity breach is set against the backdrop of an unrelated system issue in February, which led to a prolonged cellular outage for AT&T customers. This earlier incident, which the company stated was not the result of a cyberattack, had already put AT&T’s operational resilience under scrutiny. The company’s CEO, John Stankey, issued an apology for the outage and offered customer credits as compensation.
Related News:
Featured Image courtesy of Jeenah Moon/Bloomberg via Getty Images