AT&T confirmed that the data posted on a dark web forum, belonged to 73 million users. Based on initial investigations, the data dates back to 2019 or earlier years. Of The US telephone operator, has started contacting all those affected, asking tell them to reset their passcodes.
AT&T has been in denial for nearly three years
Almost three years ago, a certain ShinyHunters tried to sell stolen data for either low as $200,000, on RaidForums. At the time, AT&T said the data did not come from its systems. In mid-March, a certain MajorNelson reposted the same data on another dark web forum.
Once again, AT&T denied that they came from its systems. After two weeks, the US operator finally admitted to having suffered a data breach, specifying that it may have been stolen from a seller. Based on the preliminary investigation, the data belongs to the approximately 7.6 million current customers and approximately 65.4 million, as customers for a total of approximately 73 million.
The database contains names, postal addresses, dates of birth, phone numbers, social security numbers, email addresses, account numbers and passcodes. The latter is a four-digit numeric PIN that is asked for some operations, for example during a customer support call, for the account management service in some stores or for the login.
AT&T will contact all 7.6 million current users, asking tell them to reset their passcode. The investigation is still ongoing, so further details will be provided in the coming days. To check if the email address that is out of the database that you can use and Troy Hunt's Have I Been Pwned service.
Discussion about this post