Checklist 370: The New Old AT&T Data Disaster

AT&T Resets Millions of Customer Account Passcodes After Data Breach

In a development spanning several years, phone giant AT&T has taken action to reset millions of customer account passcodes following a significant data breach. According to an exclusive report from TechCrunch, AT&T initiated the mass-reset of passcodes after discovering a cache of leaked data containing encrypted passcodes that could potentially grant unauthorized access to customer accounts.

The recent reset was prompted by TechCrunch’s notification to AT&T about the leaked data earlier this month. A security researcher who analyzed the data found that the encrypted passcodes were easily decipherable, prompting further investigation by AT&T. The telecommunications company stated that the data set, believed to be from 2019 or earlier, affects approximately 7.6 million current AT&T account holders and around 65.4 million former account holders.

This breach, however, is not a standalone incident. Reports suggest that customer data leaks involving AT&T have surfaced as early as 2021 and 2022. In 2021, both Krebs on Security and BleepingComputer reported on instances where threat actors claimed to possess databases containing personal information of AT&T customers. AT&T denied any compromise at that time, attributing the leaked data to potential third-party sources.

Further complicating matters, in 2022, a cybersecurity firm intercepted a sizable stolen dataset containing personal details of nearly 23 million Americans, potentially including AT&T customers. While AT&T did not outright confirm the data’s origin, it hinted at a possible link to a previous data incident at another company.

AT&T’s response to the recent breach includes resetting passcodes for affected customers, along with offering complimentary identity theft and credit monitoring services. This marks the first time AT&T has explicitly acknowledged the leaked data belonging to its customers. The company reassured customers that the compromised data does not include personal financial information or call history, though it does contain sensitive details like names, addresses, Social Security numbers, and birth dates.

In light of these events, AT&T urges customers to remain vigilant against potential phishing scams and to monitor their account activity and credit reports closely. The telco is collaborating with internal and external cybersecurity experts to analyze the situation thoroughly.

TechCrunch, which held the publication of its report until AT&T initiated the passcode reset, has shed light on a concerning breach that underscores the persistent threat of data security lapses within major corporations. As AT&T grapples with the aftermath of this breach, questions remain about the effectiveness of its security measures and the long-term implications for its customers’ privacy and security.

AT&T Warns Customers of Potential Phishing Scams Following Data Breach

In the aftermath of the recent data breach affecting millions of AT&T customers, the telecommunications giant is cautioning its user base about the looming threat of phishing scams. Although no specific instances have been reported yet, experts warn of the potential for scammers to capitalize on the breach by sending deceptive emails aimed at tricking recipients into divulging personal information.

These phishing emails, disguised as security notifications or offers of protection, could be sent to a wide audience, including individuals who have never been AT&T customers. By casting a wide net, scammers hope to ensnare unsuspecting victims who may have had past dealings with AT&T or are concerned about the breach. AT&T advises customers to remain vigilant and exercise caution when interacting with suspicious emails or messages.

In addition to phishing precautions, AT&T recommends customers take proactive steps to safeguard their accounts. This includes resetting passcodes regularly, especially if they haven’t been changed within the past year. The telco emphasizes the importance of creating strong, unique passcodes, discouraging the use of easily guessable combinations such as four-digit numbers derived from personal information.

Furthermore, AT&T encourages customers to monitor their account activity and credit reports diligently. The company suggests setting up free fraud alerts with credit bureaus like Equifax, Experian, and TransUnion, as well as regularly reviewing credit reports for any signs of suspicious activity.

As part of its response to the breach, AT&T has initiated a comprehensive outreach effort, contacting all 7.6 million existing customers whose passcodes were reset, as well as reaching out to current and former customers whose personal information may have been compromised.

While the full extent of the breach’s impact remains unclear, AT&T’s proactive measures aim to mitigate potential risks and reassure customers of their ongoing commitment to data security.