AT&T confirmed that data posted on a dark web forum belonged to 73 million users. Based on initial investigations, the data dates back to 2019 or earlier years. The US telephone operator has started contacting all those affected, asking them to reset their passcodes.
AT&T has been in denial for nearly three years
Almost three years ago, a certain ShinyHunters tried to sell stolen data for as low as $200,000 on RaidForums. At the time, AT&T said the data did not come from its systems. In mid-March, a certain MajorNelson reposted the same data on another dark web forum.
Once again, AT&T denied that they came from its systems. After two weeks, the US operator finally admitted to having suffered a data breach, specifying that it may have been stolen from a seller. Based on the preliminary investigation, the data belongs to approximately 7.6 million current customers and approximately 65.4 million old customers for a total of approximately 73 million.
The database contains names, postal addresses, dates of birth, phone numbers, social security numbers, email addresses, account numbers, and passcodes. The latter is a four-digit numeric PIN that is asked for some operations, for example during a customer support call, for account management in some stores or for login.
AT&T will contact all 7.6 million current users, asking them to reset their passcode. The investigation is still ongoing, so further details will be provided in the coming days. To check if the email address is out of the database you can use Troy Hunt’s Have I Been Pwned service.
Discussion about this post