Image Credits: Richard B. Levine / Getty Images
US telco giant takes action after 2019 data spill
Phone giant AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned.
The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.
A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher's findings.
In a statement provided Saturday, AT&T said: “AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”
“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement also said.
TechCrunch held the publication of this story until AT&T could begin resetting customer account passcodes. AT&T also has a post on what customers can do to keep their accounts secure.
AT&T customer account passcodes are typically four-digit numbers that are used as an additional layer of security when accessing a customer's account, such as calling AT&T customer service, in retail stores, and online.
This is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records. AT&T had denied a breach of its systems, but the source of the leak remained inconclusive.
AT&T said Saturday that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.”
In 2021, the hacker claiming the AT&T breach posted only a small sample of records, making it difficult to verify if the data was authentic. Earlier in March, a data seller published the full 73 million alleged AT&T records online on a known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have since confirmed that their leaked account data is accurate.
The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.
Security researcher Sam “Chick3nman” Croley told TechCrunch that each record in the leaked data also contains the AT&T customer's account passcode in an encrypted format. Croley double-checked his findings by looking up records in the leaked data against AT&T account passcodes known only to him.
Croley said it was not necessary to crack the encryption cipher to unscramble the passcode data.
Croley took all of the encrypted passcodes from the 73 million dataset and removed every duplicate. The result amounted to about 10,000 unique encrypted values, which correlate to each four-digit passcode permutation ranging from 0000 to 9999, with a few outliers for the small number of AT&T customers with account passcodes longer than four digits.
According to Croley, the insufficient randomness of the encrypted data means it's possible to guess the customer's four-digit account passcode based on surrounding information in the leaked dataset.
It's not uncommon for people to set passcodes — particularly if limited to four digits — that mean something to them. That might be the last four digits of a Social Security number or the person's phone number, the year of someone's birth, or even the four digits of a house number. All of this surrounding data is found in almost every record in the leaked dataset.
By correlating encrypted account passcodes to surrounding account data — such as customer dates of birth, house numbers, and partial Social Security numbers and phone numbers — Croley was able to reverse-engineer which encrypted values matched which plaintext passcode.
AT&T said it will contact all of the 7.6 million existing customers whose passcodes it reset, as well as current and former customers whose personal information was compromised.
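The duplicate-removal observation above doubles as a storage audit that a defender can run on their own credential column. This added example is not from the article, Croley or AT&T; it uses constructed records and a fixed-key HMAC as an assumed stand-in for the unnamed encryption scheme, and compares it with a per-record salted KDF.

```python
import hashlib
import hmac
import os
import random

# Assumption: the article does not name the cipher. Any scheme with no
# per-record randomness behaves like this fixed-key stand-in.
FIXED_KEY = b"constructed-demo-key"

def deterministic_protect(passcode: str) -> str:
    """Same passcode always yields the same stored value."""
    return hmac.new(FIXED_KEY, passcode.encode(), hashlib.sha256).hexdigest()[:16]

def salted_protect(passcode: str, iterations: int = 100) -> str:
    """Per-record random salt: equal passcodes are stored as different values.
    The iteration count is kept low only so the demo runs quickly."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations)
    return salt.hex() + "$" + digest.hex()

def audit_column(values, keyspace=10_000):
    """Flag a column whose values repeat across records and whose distinct
    count fits inside the passcode keyspace (0000-9999 by default)."""
    distinct = len(set(values))
    repeats = len(values) - distinct
    return {
        "records": len(values),
        "distinct": distinct,
        "repeats": repeats,
        "flag": repeats > 0 and distinct <= keyspace,
    }

def build_columns(n=20_000, seed=7):
    """Constructed sample: n records with uniformly random four-digit passcodes."""
    rng = random.Random(seed)
    passcodes = [f"{rng.randrange(10_000):04d}" for _ in range(n)]
    deterministic = [deterministic_protect(p) for p in passcodes]
    salted = [salted_protect(p) for p in passcodes]
    return deterministic, salted

if __name__ == "__main__":
    det, salted = build_columns()
    print("deterministic:", audit_column(det))
    print("salted:       ", audit_column(salted))
```

A salt removes the cross-record equality that the deduplication exposed, but a four-digit secret still has only 10,000 candidates per record, so rate limiting and lockout on the verification path remain necessary.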