The Easter weekend brought some bad news for 73 million current and former AT&T customers. The carrier confirmed a massive data breach impacting “7.6 million current AT&T account holders and 65.4 million former account holders.” AT&T reset the password of its existing subscribers, and started notifying all those impacted by the hack.
This isn’t an April Fool joke. If you’re getting notifications from AT&T, or see news online mentioning the event, it’s because it’s very real.
Reports some three years ago claimed that over 70 million AT&T accounts were breached, with some of that customer data selling on the dark web. The carrier denied that the customer information came from its servers at the time.
More recently, data from the more than 70 million accounts made its way online again. It might include AT&T customer names, home addresses, phone numbers, dates of birth, and Social Security numbers. Additionally, each customer’s AT&T account password is part of the hack. These are 4-digit PINs that customers might use to protect their AT&T accounts.
According to TechCrunch, those PINs are incredibly easy to hack even if they’re encrypted. A security researcher was able to do it, with TechCrunch notifying AT&T.
The blog withheld disclosing the security issue until AT&T started resetting customer account passcodes. AT&T still has no idea what caused the hack, according to a support document on the matter:
AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web. While AT&T has made this determination, it is unknown whether the data in those fields originated from AT&T or one of its vendors.
The carrier said the data leak does not contain personal financial information or call history. But considering the amount of information the database holds, hackers could do plenty of harm with what’s available.
Then again, AT&T says the breach dates back to 2019, if not earlier. Hackers could have used the information for nefarious purposes already.
You should reset your passcode if you’ve received a notice from AT&T. You should also set up fraud alerts, something AT&T recommends:
We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com.
AT&T will reach out via email offering complimentary identity theft and credit monitoring services.
Finally, make sure you check out the FAQ section of AT&T’s support document, which offers all the information AT&T is ready to disclose, as of March 31st.