AT&T Data Leak Overview

Key Details

• AT&T acknowledged a data leak affecting 73 million users (7.6 million current and 65.4 million former subscribers).
• The data set seems to originate from 2019 or earlier.
• AT&T reset passcodes for affected users.

Affected Information

• Personal information leaked includes:
  • Full names
  • Email addresses
  • Mailing addresses
  • Phone numbers
  • Social Security numbers
  • Dates of birth
  • AT&T account numbers
  • Passcodes

Data Breach Sources and Accessibility

• Data appeared on both the open web and dark web.
• Accessible without special software, contradicting "dark web" terminology.
• Troy Hunt noted that data is visible on public forums, accessible via regular web browsers.
• Data required forum account and "credits" to view.

AT&T's Position

• Unclear if data originated directly from AT&T or an AT&T vendor.
• No evidence found yet indicating unauthorized access to AT&T's systems.
• Communicating with impacted individuals and offering credit monitoring.

Previous Incidents

• Related to a 2021 incident where data was offered for sale for $1 million.
• AT&T previously stated no breach in their systems was evident.

Expert Analysis

• Troy Hunt: Data added to "Have I Been Pwned" database.
• 49 million unique email addresses identified.

AT&T's Actions

• Proactive communication with affected individuals.
• Resetting four-digit passcodes used for account management.
• Offering free credit monitoring where applicable.

Future Updates

• Ongoing investigation to verify the origin of the data.
• AT&T continues to assess and communicate findings.

Conclusion

• AT&T acknowledges the severity and potential impact of the data leak.
• Measures are being taken to protect affected users and secure their data.