Criminals have discovered a way to break into email accounts provided by AT&T and are using that to access victims' cryptocurrency exchange accounts and steal their crypto.
An unnamed tipster talking to TechCrunch revealed that a group of hackers had worked out how to crack email addresses hosted on att.net, sbcglobal.net, bellsouth.net, and other domains from the same provider, AT&T.
Apparently, this group accessed AT&T’s internal network and has the ability to create mail keys for pretty much any user.
AT&T reacts
Mail keys are a type of credential that allows users to log into their accounts via email clients, such as Outlook, without needing a password. Once the attackers access the inbox, they can request a password change for the crypto account, and after that, they can pull virtually everything found in those accounts.
The tipster even gave a list of people who were allegedly targeted this way, and who confirmed to the publication that the story is true.
Giving credence to the story is also AT&T spokesperson Jim Kimberly, who told TechCrunch that the company did spot someone creating secure mail keys without authorization.
“We have updated our security controls to prevent this activity,” Kimberly said. “As a precaution, we also proactively required a password reset on some email accounts.”
The company did not say how many people were affected by this incident, but it did say that it locked some email accounts out of caution.
“This process wiped out any secure mail keys that had been created,” the spokesperson added.
The problem doesn’t seem to be that new, either, as one of the victims said the attacks have been happening “repeatedly since November 2022”. Another victim said they lost more than $130,000.
Via: TechCrunch