31/03/2024

The Compromised Data Set Of AT&T Affects Roughly 73 Million Active And Past Customers




The telecom giant AT&T announced on Saturday that it is looking into a data set that was made available on the "dark web" around two weeks ago. According to its initial investigation, the data set may have affected 65.4 million former and 7.6 million current account holders.
 
The data set appears to be from 2019 or earlier, according to the company. AT&T said there is no evidence that the incident resulted in unauthorised access to its systems.
 
According to the firm, it is currently unknown if the data came from AT&T or one of its suppliers.
 
The source of the data is still being investigated, according to AT&T, which stated that the event has not materially affected its operations.
 
All affected parties have been contacted by AT&T, which has reset passcodes for 7.6 million active users. Additionally, it promised to provide credit monitoring when necessary.
 
In the US, the telecom carrier's 5G network serves about 290 million people.
 
Federal investigations were spurred by an AT&T outage in February that caused thousands of U.S. users' calls and text messages to be interrupted.
 
After a massive cache of AT&T customer records was discovered online earlier this month, TechCrunch has exclusively learned that AT&T has reset millions of user account passcodes.
 
After TechCrunch notified AT&T on Monday that the compromised data contained encrypted passcodes that could be used to access AT&T user accounts, the US telecom behemoth started the mass reset of passcodes.
 
A security researcher who examined the exposed data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch passed the researcher's findings on to AT&T.
 
AT&T said in a statement on Saturday: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
 
“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.
 
Additionally, AT&T has an article outlining what users may do to safeguard their accounts.
 
Usually consisting of four digits, AT&T customer account passcodes serve as an extra security measure when a client accesses their account online, at retail locations, or by contacting AT&T customer support.
 
This is the first time AT&T has acknowledged that the disclosed data belonged to its customers, approximately three years after a hacker claimed to have stolen 73 million AT&T customer records. AT&T had denied that its systems were breached, but it remains unclear where the leak originated.
 
"It is not yet known whether the data in those fields originated from AT&T or one of its vendors," AT&T stated on Saturday.
 
Because the hacker posted only a limited number of records in 2021, it was difficult to verify the authenticity of the data. A more thorough examination became possible earlier in March, when a data seller posted the entire set of purported AT&T records (73 million in total) on a cybercrime forum. Since then, AT&T customers have confirmed that their exposed account data is accurate.
 
Names, home addresses, phone numbers, dates of birth, and Social Security numbers of AT&T customers are among the information that was compromised.
 
Security researcher Sam "Chick3nman" Croley told TechCrunch that every record in the compromised data includes the AT&T customer's encrypted account passcode.
 
Croley double-checked his findings by comparing records in the compromised data against AT&T account passcodes known only to him. According to Croley, it was not necessary to crack the encryption cipher in order to decode the passcode data.
 
Croley removed the duplicates from the 73 million encrypted passcodes in the data set. The result was around 10,000 distinct encrypted values, one for every four-digit passcode from 0000 to 9999, with a few exceptions for the small percentage of AT&T users whose account passcodes were longer than four digits.
 
According to Croley, the encrypted data lacks sufficient randomness, which makes it feasible to work out a customer's four-digit account passcode from the surrounding information in the compromised data set.
 
People frequently set passcodes that have personal meaning for them, especially if they are only four digits long. That may be the last four digits of a phone number or Social Security number, a birth year, or even the final four digits of a house number. This surrounding information is present in nearly every record in the compromised data set.
 
By comparing encrypted account passcodes with surrounding account data, such as customer dates of birth, house numbers, partial Social Security numbers, and phone numbers, Croley was able to determine which encrypted values matched which plaintext passcodes.
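The duplicate-collapse finding described above can be turned into a storage audit: count how many distinct stored values a passcode column holds. This is an added example, not code from the article, TechCrunch or AT&T; the key, function names and sample records are constructed, and HMAC-SHA256 only stands in for the unnamed scheme.

```python
import hashlib
import hmac
import os
import random
from collections import Counter

KEY = b"constructed-demo-key"  # constructed; stands in for one fixed system-wide key


def deterministic_protect(passcode: str) -> str:
    """Same passcode + same key -> same stored value for every customer.
    HMAC-SHA256 is only a stand-in; the scheme AT&T used is not stated on the page."""
    return hmac.new(KEY, passcode.encode(), hashlib.sha256).hexdigest()


def salted_protect(passcode: str, iterations: int = 1000) -> str:
    """Per-record random salt: equal passcodes no longer share a stored value.
    iterations is kept low so the demo runs quickly; production values are far higher."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations)
    return f"{salt.hex()}${digest.hex()}"


def audit_column(values):
    """Flag a stored-secret column whose values repeat across records."""
    counts = Counter(values)
    return {
        "records": len(values),
        "distinct": len(counts),
        "largest_group": max(counts.values()),
        "repeats_across_records": len(counts) < len(values),
    }


def demo(n_records: int = 3000, seed: int = 7):
    """Constructed sample: n_records customers with random four-digit passcodes."""
    rng = random.Random(seed)
    passcodes = [f"{rng.randrange(10000):04d}" for _ in range(n_records)]
    weak = audit_column([deterministic_protect(p) for p in passcodes])
    hardened = audit_column([salted_protect(p) for p in passcodes])
    return weak, hardened


if __name__ == "__main__":
    for label, report in zip(("deterministic", "salted"), demo()):
        print(label, report)
```

Salting removes the cross-record equality that the distinct-value count exposes, but a four-digit secret still has only 10,000 candidates, so passcodes this short also depend on rate limiting and lockout wherever they are checked.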
 
In addition to notifying current and past consumers whose personal information was exposed, AT&T stated that it will get in touch with each of the 7.6 million current customers whose passcodes it reset.
 
(Source: www.abcnews.go.com & www.techcrunch.com)

Christopher J. Mitchell