Technology

Millions of users’ passcodes are reset by AT&T after account information has been disclosed on the dark web

In addition to 65.4 million past account holders, AT&T claims that 7.6 million of its current customers were impacted by a recent breach that resulted in sensitive data being posted on the dark web. The business has reset the passcodes of all impacted active accounts, as TechCrunch originally reported on Saturday morning. AT&T verified the action in a statement posted on its support page. According to TechCrunch, AT&T claims that the data set “appears to be from 2019 or earlier” and contains names, home addresses, phone numbers, dates of birth, and Social Security numbers.

TechCrunch claims that on Monday, after a security researcher found that the records contained easily decipherable encrypted passcodes, it notified AT&T about the possibility that the exposed data could be used to access consumers’ accounts. “We’ve launched a robust investigation supported by internal and external cybersecurity experts,” AT&T announced today. According to AT&T, the information first surfaced on the dark web roughly two weeks ago.

It happens three years after ShinyHunters, a hacker, declared in 2021 that they had access to 73 million AT&T users’ account information. When the hacker released samples of material online, AT&T told BleepingComputer that the information did not appear to have come from their systems, denying any security violation. “It is not yet known whether the data in those fields originated from AT&T or one of its vendors,” the company has since stated. “Does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” according to what it says thus far.

AT&T promises to get in touch with account holders who were impacted by the leak, both past and present. Additionally, the business promises to provide credit monitoring to such clients “where applicable.”