AT&T was hacked about two years ago, and the company has finally acknowledged it by agreeing to reset passcodes for its existing customers. The passcodes belonged to 65.4 million former customers and 7.6 million new customers. However, AT&T is only looking to reset the passcodes of its active customers and states that the leaked information "may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."
It took AT&T time to acknowledge the data breach, but it has finally reset the passcodes of its active customers
The telecommunication giant is now reaching out to customers who were affected by the hack via emails and letters to let them know about the hack and additional details. The company is also letting customers know what type of data was stolen and what it is doing to safeguard its users. It is rather strange how the hack remained unnoticed by the company, as the first reports originated back in 2021.
AT&T has now acknowledged that the leaked data is real after TechCrunch notified them about the vulnerability of its encrypted passcodes on Monday. The passcodes are typically four-digit numbers through which customers verify their accounts. Even though the passcodes were encrypted, it is still possible to decipher the data later. However, no account passwords were leaked in the data breach.
As mentioned earlier, apart from the passcodes to verify the accounts, the data breach also included birth dates, addresses, phone numbers, Social Security numbers, and the names of the customers. While AT&T denied any potential data breaches in 2021, it continues to say that there were no details available on the data breach or "the unauthorized access to its systems resulting in exfiltration of the data set."
AT&T has highlighted the data breach on a new webpage, along with the steps users must take to secure their accounts. Cybersecurity researcher Troy Hunt states that the company "made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers.” The company could become a victim of a class action lawsuit as it failed to admit the data breach despite evidence emerging on hacking forums.
Customers should take safety measures to secure their accounts and keep a check on their account's activity. This is all there is to it, folks. We will share more details on the subject as soon as further information is available
