AT&T Resets 73 Million Customer Passcodes After Breach

AT&T has confirmed a data breach affecting over 73 million of its current and former customers. This breach, which saw sensitive customer information leaked onto the dark web, has prompted the telecommunications giant to reset the passcodes of millions of customer accounts in a bid to secure user data and mitigate potential risks.

The company has confirmed that the breach involves approximately 7.6 million current AT&T customers and 65.4 million former users, with the leaked data reportedly dating back to 2019 or earlier.

The compromised dataset includes Social Security numbers, full names, email and mailing addresses, phone numbers, dates of birth, and, notably, AT&T account numbers and passcodes. However, the company has stated that financial information and call history do not appear to have been exposed.

Security researcher Sam “Chick3nman” Croley disclosed to TechCrunch that the dataset included AT&T customer passcodes in an encrypted format. However, Croley found that the encryption did not secure the passcodes effectively. He demonstrated this by removing duplicate encrypted values from the 73 million records, after which approximately 10,000 unique encrypted values remained. These correlated with the range of possible four-digit passcode permutations, with some outliers for passcodes longer than four digits.

Croley's analysis suggested that the encrypted data's insufficient randomness could allow someone to guess a customer's four-digit account passcode, especially since many people use personally significant numbers for their passcodes. He was able to reverse-engineer which encrypted values matched specific plaintext passcodes by correlating them with surrounding account data found in the leak.

AT&T swiftly initiated a reset of passcodes for all impacted current customers to prevent unauthorized access to accounts. Additionally, AT&T has launched a robust investigation into the incident to ascertain the breach's origins and full impact. The source of the leak remains unidentified, and AT&T continues to deny that the data was directly leaked from its systems or through one of its vendors.

Notably, this is not the first time AT&T has faced security challenges; the company has experienced several breaches in recent years. It has announced plans to offer complimentary identity theft and credit monitoring services to those affected by this most recent breach.

AT&T has advised customers to remain vigilant by closely monitoring their account activity and credit reports. Affected individuals should monitor their online account activity and consider freezing their credit.