AT&T confirms data breach and resets millions of customer passcodes

Photo of author


AT&T has acknowledged that the online data leak involved information from more than 7.6 million current customers and 65 million former customers. The company has reset the security passcodes of affected active customers, and said the leaked information included “full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number, and passcode.” “Can happen.”

AT&T is reaching out to affected customers via “email or letter” to let them know what data was included and what it is doing to customers in response.

The company’s acknowledgment that the leaked data was genuine – the first reports of the leak surfaced in 2021 – came only after techcrunch notified AT&T on Monday about the vulnerability of its encrypted passcodes. Passcodes are typically four-digit numeric PINs used for account security over phone calls with company support or in-store verification and a security researcher’s analysis showed that passcodes are “easy to understand”. Was.

This FAQ states that customers can set up free fraud alerts from credit bureaus Equifax, Experian and TransUnion. According to AT&T, the data set “appears to be from 2019 or earlier and does not include personal financial information or call history.” The company says it is working with “external cybersecurity experts to analyze the situation” and so far it has “no evidence of authorized access” to its systems.

Leave a comment