Massive AT&T data leak hits 73 million users — what to do now

News
By published

Names, addresses, dates of birth, Social Security numbers and encrypted passcodes all leak

AT&T phone deals
(Image credit: Shutterstock)

Telco giant AT&T has revealed that it has suffered a massive data breach, including the personal data of a combined 73 million current and former customers.  

The data appeared on the dark web approximately two weeks ago, AT&T says, adding that it appears to be “from 2019 or earlier.” It is “not yet known whether the data in those fields originated from AT&T or one of its vendors,” the company adds.

The good news is that it “does not contain personal financial information or call history.” The bad news is that it does include customer names, home addresses, phone numbers, dates of birth, Social Security numbers and encrypted passcodes. 

The 7.6 million current customers impacted have had their passcodes reset, the company said, though obviously there’s less it can do for data lifted and used for identity theft. 

“We will be reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services,” says a page on the official site, where you can also find more information on how to keep your AT&T account secure in the wake of the data breach. 

Passcodes, not passwords

It’s important to note that the data includes passcodes, rather than passwords. Passcodes are (typically four-digit) numbers used for extra security when accessing a customer account via phone, in store or online. 

That may make the breach appear less immediately threatening to the 65.4 million former customers, but those impacted should still be vigilant if other passcodes of theirs replicate the combination. 

That’s because there’s potentially enough data within the breach to guess the PIN. As security researcher Sam Croley told TechCrunch, passcode data could be unscrambled without the encryption cipher, thanks to customers’ frequent use of associated digits for their four-number passcodes. In other words, with Social Security, phone and house numbers all potentially leaked at the same time, there are a number of ready-made combinations for criminals to try.  

Talk of a breach first surfaced earlier this month, when the X account @vx-underground claimed that over 70 million records were leaked onto Breached. At the time, AT&T suggested this was likely a rehash of a dataset it dismissed back in 2021

It’s been a rough start to the year for the telco. Last month, it was forced to deny that a near day-long outage was not the result of a cyberattack.

See more Computing News
TOPICS
Alan Martin
Alan Martin

Freelance contributor Alan has been writing about tech for over a decade, covering phones, drones and everything in between. Previously Deputy Editor of tech site Alphr, his words are found all over the web and in the occasional magazine too. When not weighing up the pros and cons of the latest smartwatch, you'll probably find him tackling his ever-growing games backlog. Or, more likely, playing Spelunky for the millionth time.

Read more
Globe Life insurance company logo on a cell phone in front of a monitor display the About page for the company. Shadowy hand holds the phone.
850,000 people exposed in massive insurance data breach — full names, dates of birth and SSNs
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
An open lock depicting a data breach
The top 10 data breaches of 2024
An open lock depicting a data breach
3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
An open lock depicting a data breach
Massive healthcare data breach just exposed the personal info of 1 million Americans — what to do now
Screen graphic showing data breach warning
5 worst data breaches of 2024 — including the mother of all breaches
Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
Apple Watch Ultra 2
Apple Watch Ultra 3 just tipped for two major upgrades
NYTimes Connections
NYT Connections today hints and answers — Tuesday, March 25 (#653)
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
More about online security
23andME box

23andMe has declared bankruptcy — here's how to delete your data now

A man filing his taxes electronically on a laptop

AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
Woman has taped her mouth shut with a blue I shaped mouth tape

I tried the viral I-shaped mouth tape to improve my sleep and I'll never wear it again — here's why
See more latest
1 Comment Comment from the forums
  • rgd1101
    The good news is that it “does not contain personal financial information or call history.”
    they have the ssn. they can do more with that
    Reply