AT&T admitted that a data breach affected 73 million active and returning subscribers

AT&T has reset passcodes for millions of customers following a massive data leak affecting 73 million current and former subscribers and 7.6 million current and 65.4 million former account holders. Leakage of information AT&T is contacting 7.6 million affected customers and resetting their passcodes…

AT&T is contacting 7.6 million customers and resetting passcodes while communicating with account holders with compromised personal information, which is not considered a dark web.
AT&T denied a 2021 data breach involving 73,481,539 lines of data, including 49,102,176 unique email addresses, claiming it did not originate from them.
AT&T is investigating a dark web data set containing personal information, confirming it may be from AT&T or a vendor but not unauthorised access.

AT&T has reset passcodes for millions of customers following a massive data leak affecting 73 million current and former subscribers and 7.6 million current and 65.4 million former account holders.

Leakage of information

AT&T is contacting 7.6 million affected customers and resetting their passcodes. The leaked information includes full names, email addresses, phone numbers, Social Security numbers, dates of birth, account numbers, and passcodes. The data is also available on the open web, accessible by a normal web browser.

The AT&T data leak appeared on both public and Tor versions of a hacking forum on March 17, requiring a hacking forum account and site credits. The forum does not meet the definition of a dark web, as it is accessible via Google search and requires registration for access to personal identifier records.

Also read：Data centre power consumption could surge sixfold over a decade

49 million email addresses

The leaked information from AT&T included a file with 73,481,539 lines of data containing 49,102,176 unique email addresses and 43,989,217 lines of decrypted Social Security numbers. Hunt, who runs the “Have I Been Pwned” database, has added the 49 million email addresses to his database.

BleepingComputer reported a data leak involving the same data as a 2021 incident where a hacker shared samples and attempted to sell the entire set for $1 million. AT&T denied the information in an internet chat room came from their systems and maintained this position last month, stating they still see no evidence of a breach in their systems.

Also read：Nvidia’s next-generation data centres to work with cloud providers

Data may come from yourself or a supplier

AT&T has confirmed that data-specific fields from AT&T may have been found in a dark web data set released two weeks ago. The source of the remaining data, including personal information like Social Security numbers, is still being assessed, and it is unclear whether the data originated from AT&T or a vendor.

AT&T has confirmed that it has no evidence of unauthorised access to its systems resulting in data exfiltration. The company is proactively communicating with affected individuals and offering credit monitoring at its expense. The company resets four-digit passcodes for customer support, retail account management, and website access.