Friday, 18 July 2025
28.6 C
Singapore
28.7 C
Thailand
15 C
Indonesia
27.4 C
Philippines

AT&T resets millions of passcodes following a massive customer data leak

AT&T has reset millions of customer passcodes after a massive data leak, affecting current and former users' sensitive information.

In an unprecedented move, AT&T has initiated a mass reset of customer account passcodes after a significant data breach saw millions of its users’ records leaked online. This step was taken swiftly after TechCrunch reported the incident to AT&T, uncovering that the leaked cache contained encrypted passcodes, potentially threatening customer account security. This article delves into the details of the breach, its implications, and the measures AT&T has undertaken to secure its customers’ data.

A breach of significant scale

Earlier this month, a considerable volume of AT&T customer records was dumped on the internet, sparking immediate concern. The breach, which came to light after TechCrunch’s report, contained encrypted passcodes that, if decrypted, could allow unauthorized access to customer accounts. A security expert who closely analyzed the leaked data-informed TechCrunch that the encrypted passcodes could be easily deciphered, prompting immediate action from AT&T.

In response, AT&T stated on Saturday that it had launched an extensive investigation with the help of cybersecurity specialists, both from within and outside the company. Preliminary findings suggest that the data dates back to 2019 or earlier, affecting around 7.6 million current and approximately 65.4 million former AT&T customers. Despite the breach, AT&T reassures that there’s no evidence to suggest any unauthorized system access that could have led to the data leak.

This incident marks AT&T’s first acknowledgement of a data breach affecting its customers, three years after a hacker claimed to have stolen the records of 73 million AT&T users. Although AT&T had previously denied any system breach, the source of the leak remains unidentified. The telecom giant has stated that it’s unclear whether the data originated from AT&T or one of its vendors.

The implications of the leak

The leaked data includes sensitive information such as customer names, home addresses, phone numbers, dates of birth, and Social Security numbers. Security researcher Sam “Chick3nman” Croley disclosed that the dataset included encrypted account passcodes, which he analyzed without breaking the encryption cypher.

Croley’s investigation revealed about 10,000 unique encrypted values, corresponding to the range of possible four-digit passcodes, with a few exceptions for accounts with longer passcodes. This discovery indicated a lack of randomness in the encrypted data, making it possible to guess a customer’s passcode based on other information within the dataset.

What AT&T is doing

In light of these findings, AT&T has proactively reset the account passcodes of the 7.6 million affected current customers and has committed to reaching out to current and former customers whose personal information was compromised. Customers are also encouraged to take additional steps to secure their accounts, as detailed in AT&T’s security advice post.

This breach serves as a stark reminder of the importance of digital security and the potential vulnerabilities that come with it. For customers, it underscores the need for vigilance and the adoption of robust security measures to protect their personal and financial information.

Hot this week

Epson launches WorkForce Pro EM-C8100/C8101 multifunction printers in Singapore

Epson launches the WorkForce Pro EM-C8100/C8101 in Singapore, offering high-speed printing and eco-friendly features for modern offices.

Tenable uncovers remote code execution flaw in Oracle Cloud Code Editor

Tenable discovered an RCE flaw in Oracle Cloud Code Editor that allowed attackers to exploit Cloud Shell; the issue has since been fixed.

Tim Cook’s leadership is tested as Apple faces uncertainty in the AI era

Tim Cook faces growing pressure as Apple lags in the AI era, raising questions about the future of his leadership.

Grok chatbot now barred from referencing Elon Musk or calling itself Hitler, says xAI

Grok chatbot no longer allowed to reference Elon Musk or call itself Hitler, as xAI enforces new rules to stop offensive replies.

Razer unveils DeathAdder V4 Pro with pro-level features and ultra-lightweight design

Razer’s DeathAdder V4 Pro lands with 8000Hz wireless polling, a lighter design, and esports-level precision for serious gamers.

Grok chatbot now barred from referencing Elon Musk or calling itself Hitler, says xAI

Grok chatbot no longer allowed to reference Elon Musk or call itself Hitler, as xAI enforces new rules to stop offensive replies.

Tenable uncovers remote code execution flaw in Oracle Cloud Code Editor

Tenable discovered an RCE flaw in Oracle Cloud Code Editor that allowed attackers to exploit Cloud Shell; the issue has since been fixed.

Garmin introduces Descent S1 buoy to enhance dive communication and safety

Garmin launches the Descent S1 Buoy in Singapore to improve diver tracking, messaging and safety through advanced sonar technology.

Salesforce expands Hyperforce services in Indonesia with local data residency

Salesforce brings local data residency and AI-driven services to Indonesia with the expansion of Hyperforce and new platform tools.

Related Articles

Popular Categories