In a recent announcement, AT&T has acknowledged a substantial data breach that compromises personal information for approximately 73 million current and former subscribers. The company stated during an update that this breach affects around 7.6 million current account holders and about 65.4 million former users.
"Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting a significant number of our customers," an AT&T spokesperson conveyed in a statement on their website.
"Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting a significant number of our customers,"
AT&T has taken decisive steps by resetting passcodes for all 7.6 million affected accounts. The company has committed to reaching out directly to these customers, as well as those whose sensitive personal information may have been compromised. This information varies by individual but generally includes full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.
According to AT&T’s disclosures, the compromised data consisted of AT&T-specific fields that surfaced on a data set found on the dark web. However, security researcher Troy Hunt noted that the situation may be more complex than initially presented. "The term ‘dark web’ is incorrect and misleading in this case," Hunt elaborated. "The forum where the AT&T data appeared does not meet the definition of dark web. No special software, no special network, just a plain old browser. It’s easily discoverable via a Google search."
"The term ‘dark web’ is incorrect and misleading in this case,"
Hunt’s analysis indicates that the information appeared on both public and hidden versions of a hacking forum on March 17, 2024. Accessing the AT&T data on this forum requires a user account and credits, which can either be purchased or earned.
Career Journey
"The data is out there in plain sight on a public forum easily accessed by a normal web browser," Hunt added. His findings reported that the leaked information included a staggering 73,481,539 lines of data, which comprises roughly 49 million unique email addresses and a separate file containing nearly 44 million decrypted Social Security numbers.
"The data is out there in plain sight on a public forum easily accessed by a normal web browser,"
The implications of this breach are extensive, especially as Hunt runs the “Have I Been Pwned” database, where he has already added the leaked email addresses. His database allows users to check if their email addresses have been part of a data breach, making this incident even more concerning for those affected.
This latest revelation is reminiscent of a similar incident from 2021, where hackers attempted to sell a portion of this data for $1 million. In response to claims regarding the earlier breach, AT&T had maintained that the information shared in an Internet chat room did not originate from their systems. This assertion remained unchanged as of late March 2024, with AT&T reiterating that they do not see evidence of a breach within their own systems.
However, recent updates from AT&T suggest a shift in awareness surrounding the origins of the data. "While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors," the update disclosed.
"While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors,"
Impact and Legacy
Despite these uncertainties, AT&T has expressed its commitment to transparently communicate with affected customers. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set," stated the company in a recent communication. To mitigate the potential fallout from the breach, AT&T will be offering credit monitoring services at no cost to those impacted.
"Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,"
The resetting of passcodes for users is one of several precautionary measures taken by the company, reflecting an increasing focus on protecting customer data in light of such incidents.
As the situation develops, AT&T’s response to the breach will be scrutinized by both industry analysts and consumers. Ongoing investigations will aim to determine the true source of the data leak and whether any further measures are necessary to ensure customer security.