AT&T resets thousands of user passwords as it confirms the breached data was its own after all
US telecommunications giant AT&T has finally confirmed the authenticity of the 2021 data breach that exposed sensitive user information on the dark web and initiated a mass reset of user passcodes.
About three years ago, privacy blog RestorePrivacy broke the news about a hacker selling sensitive data on more than 70 million AT&T customers. The data was said to include people’s names, phone numbers, postal addresses, email addresses, social security numbers and dates of birth.
While AT&T initially denied the breach and said the data did not belong to the company, the hacker, who went by the name “ShinyHunters,” said the organization would likely continue to deny it until everything was leaked.
Mass reset
Last month, a vendor did publish the entire database, affecting 73 million people. TechCrunch analyzed the database, confirmed its authenticity and also determined that it contained user passcodes, prompting a quick alert to AT&T.
Passcodes are four-digit numbers that act as a second layer of security and are used to access user accounts. Although they were encrypted, some researchers argued that the protection can be worked around. Apparently there isn’t enough randomness in the encrypted data, meaning a threat actor could theoretically guess the passcode.
It appears the threat is more than just theoretical, as AT&T initiated a massive passcode reset this past weekend.
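The researchers' concern about too little randomness in stored four-digit passcodes can be checked by a defender on their own data. The following is an added example, not code from AT&T, TechCrunch or the original article: it audits a column of stored passcode values for repeated entries and compares a fixed-key, unsalted encoding with per-record salted storage. The function names, the HMAC stand-in for the unspecified scheme, and the sample data are assumptions constructed for illustration.

```python
import hashlib, hmac, os, random
from collections import Counter

def store_deterministic(passcode: str, key: bytes) -> bytes:
    # Stand-in for any fixed-key, unsalted encoding (assumption: the scheme
    # actually used is not stated on the page).
    return hmac.new(key, passcode.encode(), hashlib.sha256).digest()

def store_salted(passcode: str, pepper: bytes) -> bytes:
    # Fresh salt per record, plus a pepper kept outside the database: with only
    # 10,000 possible passcodes, a salt stored beside the hash is not enough.
    salt = os.urandom(16)
    # Iteration count kept low so the demo runs quickly.
    dk = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt + pepper, 1_000)
    return salt + dk

def audit(stored):
    # Repeated stored values mean equal passcodes are visible to anyone
    # holding the data, even without the key.
    counts = Counter(stored)
    return {
        "records": len(stored),
        "distinct": len(counts),
        "most_common_share": counts.most_common(1)[0][1] / len(stored),
        "leaks_equality": len(counts) < len(stored),
    }

def demo(n=2_000, seed=0):
    rng = random.Random(seed)
    # Constructed sample: 10% of users pick "1234", the rest are uniform.
    passcodes = ["1234" if rng.random() < 0.10 else f"{rng.randrange(10_000):04d}"
                 for _ in range(n)]
    key, pepper = os.urandom(32), os.urandom(32)
    det = audit([store_deterministic(p, key) for p in passcodes])
    salted = audit([store_salted(p, pepper) for p in passcodes])
    return det, salted

if __name__ == "__main__":
    for name, result in zip(("deterministic", "salted"), demo()):
        print(name, result)
```

With the fixed-key encoding, the number of distinct stored values can never exceed 10,000 and popular passcodes stand out by frequency; with per-record salts every stored value is unique.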
“AT&T has initiated a robust investigation, supported by internal and external cybersecurity experts,” the company said in a statement released Saturday. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
“AT&T has no evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.
While the telco has confirmed the breach, it says it still doesn’t know where the data comes from, whether it comes directly from its servers or from its suppliers.