AT&T resets account passcodes after tens of millions of buyer information leak on-line

Cellphone big AT&T is reseting buyer account passcodes after an enormous cache of knowledge containing tens of millions of buyer information was dumped on-line earlier this month, TechCrunch has solely discovered.

The U.S. telco big initiated the passcode mass-reset after TechCrunch knowledgeable AT&T on Monday that the leaked information contained encrypted passcodes that may very well be used to entry AT&T buyer accounts.

A safety researcher who analyzed the leaked information instructed TechCrunch that the encrypted account passcodes are straightforward to decipher. TechCrunch alerted AT&T to the safety researcher’s findings.

In a press release supplied Saturday, AT&T stated: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the assertion stated.

TechCrunch held the publication of this story till AT&T may start reseting buyer account passcodes.

That is the primary time that AT&T has acknowledged that the leaked information belongs to its prospects, some three years after a hacker claimed the theft of 73 million AT&T buyer information. Till now, AT&T had denied a breach of its systems, however the supply of the leak remained inconclusive.

In 2021, the hacker claiming the AT&T breach posted solely a small pattern of information, making it tough to examine if the information was genuine. Earlier in March, a knowledge vendor printed the total 73 million alleged AT&T information on-line on a recognized cybercrime discussion board, permitting for a extra detailed evaluation of the leaked information. AT&T prospects have since confirmed that their leaked account data is accurate.

The leaked information consists of AT&T buyer names, residence addresses, telephone numbers, dates of start and Social Safety numbers.

The safety researcher instructed TechCrunch that every file within the leaked information additionally accommodates the AT&T buyer’s account passcode in an encrypted format. The researcher demonstrated to TechCrunch in a video name how they unscrambled the information into plaintext account passcodes.

The researcher double-checked their findings by trying up information within the leaked information towards AT&T account passcodes recognized solely to them.

That is breaking information. Extra to return…