AT&T data breach affects over 70 million current, former customers | TechCrunch Minute

AT&T has reset millions of customer Account passcodes after a huge cash of Customer records were leaked online we Got to talk about this now Tech wrenches Security desk broke news of this Particular leak I am proud to report the Leaked data in question contained Encrypted passcodes that could be used To access customer data and were also Very easy to decipher which is you can Imagine a pretty bad combination now According to AT&T the Telo giant has Launched an investigation and based on Its find ings thus far the data set Appears to be from 2019 or earlier and Impacts around 7.6 million current 18t Account holders and around 65 million Former account holders the leaked data Includes AT&T customer names home Addresses phone numbers states of birth And Social Security numbers a statement From the company says quote AT&T does Not have evidence of unauthorized access To its systems resulting in exfiltration Of the data set and in other words it's Not us AT&T also said on Saturday that It is not yet known and I quote whether The data in those fields originated from AT&T or one of its vendors so we don't Even know really what bucket this was Taken from now if you're asking Yourselves why are we talking about a Leak that occurred years ago well this Is the first time that AT&T is owning up

To the fact that their data was in fact Leaked back in 2021 a hacker who claimed That AT&T was breached posted only a Small sample of Records making it Difficult to check to see if the data Really was authentic however this March AKA last month a data seller published The full 73 million alleged AT&T records Online on a known cyber crime Forum this Allowed for a more detailed analysis of The leak records now 18 customers have Since confirmed that their leaked data Was in fact accurate so we kind of Figured out what this was and its Authenticity and security researcher Sam Chicken Man Crawley told Tech rench that Each record in the leaked data also Contains the AT&T customers account Passcode in an encrypted format however Cowley also said that it was not Actually necessary to crack the Encryption Cipher to unscramble that Passcode data not good according to the Researcher the insufficient randomness Of the encrypted data means it's Possible to guess the customer's Four-digit account passcode based on Surrounding information in the leaked Data set now what does that mean in Practice well it's actually not that Uncommon for people to use a four-digit Passcode as a number set based on Numbers that are meaningful to them the Last four of your social phone numbers a

Birth year a house number you get the Idea this is called surrounding data and It's very easy for a hacker to find Within the account information they're Trying to hack so once they find that They can correlate the encrypted Passcodes to the surrounding data and They're it if I lost you a little don't Worry about it all you need to walk away With is knowing that it may be time to Reset your pass goats to something a Little bit more random and keep in mind That yeah we still don't have cyber Security figured out yet that's why this Won't be the last story that we bring You stay safe