What you need to know
- Data belonging to 73 million accounts, including current and former AT&T customers, was found on the dark web.
- The leaked data include sensitive information like full names, contact details, and social security numbers, except for personal financial details and call history.
- AT&T stated that there is no evidence of unauthorized access to its systems, which resulted in the extraction of the data set.
AT&T has confirmed that it was hit by a huge data breach, affecting the personal information of 73 million current and former customers.
The US telco giant admitted in a blog post that over 7.6 million current customers and 65.4 million former customers had their data floating around on the dark web due to the data leak.
For the active customers impacted, the company has gone ahead and reset their security passcodes. AT&T mentioned that the leaked data might include full names, email addresses, mailing addresses, phone numbers, social security numbers, birthdates, AT&T account numbers, and passcodes.
AT&T acknowledged the data leak after TechCrunch tipped it off about the vulnerability in its encrypted passcodes. These passcodes, usually four-digit numerical PINs, are used for security during phone calls with company support or in-store verification.
According to AT&T, the data was posted on the dark web about two weeks ago. The company stated that it seems to be from 2019 or earlier. AT&T also said it's not sure if the information in those fields came from AT&T directly or from one of its vendors.
Fortunately, it doesn't include personal financial details or call history. AT&T is contacting affected customers via email or letter to inform them about the data involved and what steps they're taking to help them out.
"AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set," the company said.
The data breach came to light when a hacker shared a small sample of the leaked data back in 2021. Then, two weeks ago, a data seller put up details of all 73 million compromised accounts on a cybercrime forum. Customers confirmed that the information was theirs. This marks the first time AT&T has formally recognized the data breach.
AT&T has created an FAQ page and recommends customers set up free fraud alerts from credit bureaus like Equifax, Experian, and TransUnion. It's also collaborating with external cybersecurity experts to look into the matter.