Following a massive data breach exposing the records of over 73 million current and former customers, AT&T has reset the account passcodes for millions of affected users.
TechCrunch reports that telecommunications giant AT&T has initiated a mass passcode reset for millions of customer accounts after being alerted by TechCrunch that a huge cache of leaked data, containing encrypted passcodes and other sensitive information, had been dumped online earlier this month. The leaked data, which is believed to be from 2019 or earlier, impacts approximately 7.6 million current AT&T account holders and an additional 65.4 million former account holders, according to a statement provided by the company on Saturday.
The decision to reset customer account passcodes comes after a security researcher, who analyzed the leaked data, informed TechCrunch that the encrypted passcodes were easily decipherable. AT&T launched a comprehensive investigation, supported by both internal and external cybersecurity experts, to determine the extent of the breach and its potential impact on customers.
Although AT&T has stated that it does not have evidence of unauthorized access to its systems resulting in the exfiltration of the data set, the company has not yet confirmed whether the data originated from AT&T itself or one of its vendors. The leaked data includes a wide range of sensitive customer information, such as names, home addresses, phone numbers, dates of birth, and Social Security numbers, in addition to the encrypted account passcodes.
Sam “Chick3nman” Croley, the security researcher who examined the leaked data, discovered that the encrypted passcodes could be reverse-engineered by correlating them with surrounding account data, such as customer dates of birth, house numbers, and partial Social Security numbers. This revelation prompted AT&T to take immediate action to protect its customers’ accounts.
As a precautionary measure, AT&T will be contacting all 7.6 million existing customers whose passcodes have been reset, as well as current and former customers whose personal information was compromised in the leak. The company has also provided guidance to customers on how to keep their accounts secure in the aftermath of this incident.
If you are a current or former AT&T customer, you should determine how this leak impacts your privacy, and current customers should make sure their passcode has been changed.
Read more at TechCrunch here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.