AT&T resets thousands of user passwords as it confirms breached data was its own after all

AT&T finally confirms the authenticity of the 2021 data breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

American telecommunications behemoth AT&T has finally confirmed the authenticity of the 2021data breachthat spilled sensitive user information on the dark web, and has initiated a mass reset of user passcodes.

Roughly three years ago, privacy blogRestorePrivacybroke the news of a hacker selling sensitive data belonging to more than 70 million AT&T customers. The data allegedly contained people’s names, phone numbers, postal addresses, email addresses, social security numbers, and dates of birth.

WhileAT&T initially denied the breach, saying the data wasn’t from the company, the hacker, going by the name “ShinyHunters” said the organization will likely continue denying until they leak it all.

Reader Offer: Save up to 75% on Aura identity theft protectionTechRadar editors praise Aura’s upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

Mass reset

Surely enough, last month, a seller published the full database, affecting 73 million people - andTechCrunchanalyzed the database, confirming its authenticity, and also establishing that it contained user passcodes, prompting a swift alert towards AT&T.

Passcodes are four-digit numbers that work as the second security layer, and are used to access user accounts. Even though they were encrypted, some researchers argued that it is something that can be worked around. Apparently, there is not enough randomness in the encrypted data, which means that in theory, a threat actor could guess the passcode.

It seems the threat is more than just theoretical, as AT&T initiated a mass-reset of the passcodes over the weekend.

“AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” the company said in a statement published on Saturday. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said.

While the telco did confirm the breach, it says that it still doesn’t know where the data came from, whether it was directly from its servers, or from its vendors.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption