Major telecommunications company AT&T forcibly resets customer account passcodes as ``personal information of a total of 73 million people was leaked to the dark web''
On March 30, 2024 (local time),
AT&T Addresses Recent Data Set Released on the Dark Web
https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html
Keeping Your Account Secure - AT&T Bill & account Customer Support
https://www.att.com/support/article/my-account/000101995?bypasscache=1/
AT&T confirms data for 73 million customers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/
AT&T resets account passcodes after millions of customer records leak online | TechCrunch
https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/
In a statement released on March 30, AT&T said, ``We have discovered that a dataset published on the dark web approximately two weeks ago contains items unique to AT&T data.'' We have reported that a customer's personal information has been compromised by a vendor.
AT&T has already begun an investigation with the help of internal and external cybersecurity experts. According to preliminary analysis, the data set appears to be from before 2019, and includes data for approximately 7.6 million people who had accounts at the time of article creation and approximately 65.4 million people who had accounts in the past. It is said that it is.
The dataset released on the dark web this time is believed to be a dataset sold on a hacking forum by a prominent hacker who claims to have ``stolen AT&T's database containing personal information of 70 million people'' in 2021. The data reportedly includes AT&T customer names, home addresses, phone numbers, dates of birth, social security numbers, and more.
At the time, AT&T denied that the data belonged to them and that their systems had not been compromised, but with this leak AT&T finally admitted that the data had been leaked. However, AT&T still maintains that it has found no evidence of unauthorized access to its systems that led to the data set leak, and that it does not know whether the leaked data belonged to AT&T or the vendor.
Security researcher
When setting a four-digit passcode, it's not uncommon for people to use numbers that are meaningful to them, such as their social security number, phone number, zip code, or date of birth. Therefore, Mr. Croly reported that by associating the encrypted passcode with peripheral data such as the user's date of birth, phone number, zip code, and date of birth, he was able to match the original passcode using reverse engineering techniques. doing.
TechCrunch notified AT&T of this incident on March 25th, and AT&T subsequently performed a mass reset of passcodes. If you look at the support page actually published by AT&T, it says, ``If you have an active account affected by this, your passcode has already been reset.''
Related Posts:
in Security, Posted by log1h_ik