AT&T has initiated a mass reset of millions of customer account passcodes following a reported data breach, as per TechCrunch. The leaked data comprises customer names, passcodes, home addresses, phone numbers, dates of birth, and Social Security numbers of account holders originating from 2019 or earlier.
Approximately 7.6 million current users and an additional 65.4 million former AT&T account holders are being contacted by AT&T, acknowledging potential compromise of their information.
“AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders,” AT&T stated this past weekend. “AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”
AT&T has officially acknowledged that the leaked data pertains to its customers, after an attacker claimed to have stolen 73 million AT&T customer records in 2021. While AT&T previously refuted any breach of its systems, the exact source of the leak remains undetermined, but this is the first time the company has publicly acknowledged it. The data was released on a cybercrime forum and verified by numerous security researchers. As of this past weekend, AT&T indicated that it is still uncertain whether the data found in those records originated from AT&T itself or one of its vendors.
The passcodes were encrypted, but those consisting of only four numbers can be relatively easy to crack, especially if they’re used to unlock a device. Similar to passwords, if you’ve used your old passcode on other devices or websites, it’s crucial to reset it promptly. Reusing passcodes and reusing passwords across multiple devices and platforms increases vulnerability to attacks. AT&T is also advising customers to monitor their account activity and credit reports through Freecreditreport.com.