AT&T acknowledges massive data leak affecting 73MILLION users as the telecom giant resets account passcodes for customers – after previously denying they’d been compromised
AT&T this week reset the passcodes of millions of customers after acknowledging a major data breach that affected more than 73 million users.
The telecom giant said the leaked data set appears to be from 2019 or earlier and affects approximately 7.6 million current AT&T account holders and 65.4 million former account holders.
The leaked dataset includes names, home addresses, phone numbers, social security numbers and dates of birth, as reported by TechCrunch.
A security researcher who analyzed the dataset found that it contained encrypted passcodes, prompting the provider to initiate a reset process, the outlet said.
The revelation comes a week after the airline denied a breach of its systems and said there is ‘no evidence of a compromise’.
AT&T reset the passcodes of millions of customers this week after acknowledging a major data breach that affected more than 73 million users
The telecom giant said the leaked data set appears to be from 2019 or earlier and affects approximately 7.6 million current AT&T account holders and 65.4 million former account holders. Pictured: A hacker posted 70 million AT&T records to a forum in August 2021
AT&T customer account access codes are four-digit numbers used to access user accounts, both online and in stores.
In a statement released Saturday, AT&T said: “AT&T has initiated a robust investigation, supported by internal and external cybersecurity experts.
“Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
“AT&T has no evidence that unauthorized access to its systems resulted in exfiltration of the data set,” the statement said.
The company added, “It is not yet known whether the data in those fields comes from AT&T or one of its suppliers.”
The shocking revelation comes after a data vendor dumped massive rolls of alleged AT&T customer data on a cybercrime forum earlier this month.
The dataset contains 73 million records, including 49 million unique email addresses, 44 million Social Security numbers and 43,000 dates of birth, according to Troy Hunt, a security researcher.
After obtaining a copy of the data set and analyzing it, Hunt said a blog post that the leaked data was real.
The researcher, owner of the data breach reporting site Have I Been Pwned, asked his subscribers if they were AT&T customers and the data seemed accurate.
Users have since come forward that the leaked data did indeed contain their personal information, Hunt said.
The leaked dataset includes names, home addresses, phone numbers, Social Security numbers and dates of birth, according to security experts who analyzed the data
In 2023, AT&T suffered data breaches, including one in March when the company notified nine million people of the cyberattack
One response Hunt received said, “That’s my information. I’m an AT&T customer,” and someone else says, “Unfortunately, it looks accurate. I was an AT&T customer in 2014, but not anymore.’
At the time, AT&T spokesman Stephen Stokes did not confirm whether the alleged data set was valid or how it was distributed online.
He wrote in a statement: “We have no evidence of a compromise of our systems. In 2021, we determined that the information provided in this online forum did not appear to come from our systems.
“This appears to be the same data set that has been recycled multiple times on this forum.”
Rumors of AT&T data breaches emerged three years ago when a hacker posted what he claimed to be 70 million AT&T records on a forum in August 2021.
The individual, known on the forum as ShinyHunters, has a proven history of violating major organizations, according to Hunt.
The person tried to sell the database with a starting price of $200,000 and increasing bids of $30,000. The hacker also said they were willing to sell it immediately for $1 million.
In February this year, 70,000 users were left without phone signal for hours during a massive outage
The company blamed the outage on a ‘software update error’ while expanding network coverage
In 2023, AT&T suffered data breaches, including one in March when the company notified nine million people of the cyberattack.
The company blamed a third-party vendor that was attacked by hackers in January and said its own system was not compromised.
In February this year, 70,000 users were left without phone signal for hours during a massive outage.
The company blamed the outage on a ‘software update error’ while expanding network coverage.
However, there was speculation that the problem may have been due to a cyber attack.
Cyber experts also told DailyMail.com that the problem had hallmarks of a cyber attack, possibly an attempt by hackers to blackmail the company or steal user data.
Although the company insisted there was “no evidence of malicious activity,” both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) were on the hunt to track down what was disrupting service.