AT&T confirms data leak affecting 73 million customers - after spending two weeks denying it

[midian182]

In brief: After spending two weeks repeatedly denying that a massive cache of data belonging to 73 million people came from the company, AT&T has now confirmed that it originates from current and former customers. The information contains full names, email addresses, mailing addresses, phone numbers, social security numbers, birth dates, AT&T account numbers, and four-digit pin passcodes.

When the massive trove of data was posted for sale on a cybercrime forum early this month, AT&T said it did not originate from its systems, even though the poster said it was stolen from a 2021 breach of the telecommunications giant.

AT&T says there is still no indication their systems were breached. However, the company has now confirmed that the data belongs to 7.6 million current customers and 65.4 million former customers. According to a statement, it is not yet known whether the data in those fields originated from AT&T or one of its vendors.

The reason so many former customers have been impacted is due to the data set apparently dating from 2019 or earlier.

BleepingComputer reports that this might not be the first time this data has been put up for sale. In 2021, a hacker known as Shiny Hunters claimed to be selling the stolen data of 73 million AT&T customers for a starting price of $200,000. It included names, addresses, phone numbers, social security numbers, and birth dates. AT&T at the time denied it came from the company.

Source: BleepingComputer

TechCrunch first reported on the compromised passcodes being part of the data set after the publication was contacted by a security researcher. They are encrypted, but the researcher indicated that cracking the encryption was unnecessary to access the passcode data.

AT&T said it has now launched an investigation supported by internal and external cybersecurity experts. It is contacting all of the 7.6 million current customers who have been impacted and resetting their passcodes. The former customers whose personal information appears in the data set are also being contacted. The company will be offering credit monitoring at its expense where available.

Masthead: Mike Mozart

Permalink to story.

https://www.techspot.com/news/102459-att-confirms-data-leak-affecting-73-million-customers.html

 

[NicktheWVAHick]

You are only as protected from cybercrime as your weakest link.
In this case it was AT&T. Not your VPN. Not your antivirus firewall. Not your password protector software. Not your logon credentials. Not your antimaleware software. Not your encrypted HDD.
Just AT&T.

 

[ScottSoapbox]

This is why you should never give companies your social security number.

 

[BakaRed77]

I got the notice from https://haveibeenpwned.com/ and I was confused because I never had an AT&T account but then I remembered they bought out DirecTV when I had them back in the day. The company sucks they ruin everything they touch. Not being secure and then denying the breach is just typical at this point. If you have not done so you should enter your info on haveibeenpwned. Very helpful to help you know if you have been compromised anywhere online.

 

[netman]

"AT&T confirms data leak affecting 73 million customers - after spending two weeks denying it"

Expect a Massive Class Action Lawsuit...!

 

[Karlos95]

Wonder if the outage had anything to do with this lol Nothing ever changes, just more sweeping under the rug