AT&T resets account passcodes after millions of customer records leak online | TechCrunch

Phone giant AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned.

The U.S. telco giant initiated the passcode mass-reset after TechCrunch informed AT&T on Monday that the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.

A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch alerted AT&T to the security researcher's findings.

In a statement provided Saturday, AT&T said: "AT&T has launched a robust investigation supported by internal and external cybersecurity experts. Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders."

"AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set," the statement also said.

TechCrunch held the publication of this story until AT&T could begin resetting customer account passcodes. AT&T also has a post on what customers can do to keep their accounts secure.

AT&T customer account passcodes are typically four-digit numbers that are used as an additional layer of security when accessing a customer's account, such as calling AT&T customer service, in retail stores, and online.

This is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records. AT&T had denied a breach of its systems, but the source of the leak remains inconclusive.

AT&T said Saturday that it is not yet known whether the data in those fields originated from AT&T or one of its vendors.

In 2021, the hacker claiming the AT&T breach posted only a small sample of records, making it difficult to check if the data was authentic. Earlier in March, a data seller published the full 73 million alleged AT&T records online on a known cybercrime forum, allowing for a more detailed analysis of the leaked records. AT&T customers have since confirmed that their leaked account data is accurate.

The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers.

Security researcher Sam "Chick3nman" Croley told TechCrunch that each record in the leaked data also contains the AT&T customer's account passcode in an encrypted format. Croley double-checked his findings by looking up records in the leaked data against AT&T account passcodes known only to him.

Croley said it was not necessary to crack the encryption cipher to unscramble the passcode data.

Croley took all of the encrypted passcodes from the 73 million dataset and removed every duplicate. The result amounted to about 10,000 unique encrypted values, which correlates to each four-digit passcode permutation ranging from 0000 to 9999, with a few outliers for the small number of AT&T customers with account passcodes longer than four digits.

According to Croley, the insufficient randomness of the encrypted data means it's possible to guess the customer's four-digit account passcode based on surrounding information in the leaked dataset.

It's not uncommon for people to set passcodes, particularly if limited to four digits, that mean something to them. That might be the last four digits of a Social Security number or the person's phone number, the year of someone's birth, or even the four digits of a house number. All of this surrounding data is found in almost every record in the leaked dataset.

By correlating encrypted account passcodes to surrounding account data, such as customer dates of birth, house numbers, and partial Social Security numbers and phone numbers, Croley was able to reverse-engineer which encrypted values matched which plaintext passcode.

AT&T said it will contact all of the 7.6 million existing customers whose passcodes it reset, as well as current and former customers whose personal information was compromised.
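The deduplication result Croley describes (about 10,000 unique values across 73 million records) is what deterministic protection of a four-digit passcode looks like in storage. The following is an added example, not code from the article or from AT&T: it audits a stored-passcode column for repeated values and compares a deterministic scheme with a per-record salted one. The HMAC construction, the key and the sample passcodes are assumptions constructed for illustration; the article does not say which scheme was used.

```python
import hashlib
import hmac
import os
import random

# Assumption: constructed key standing in for a server-side secret kept outside the database.
KEY = b"constructed-demo-key"

def protect_deterministic(pin: str) -> bytes:
    """Weak pattern: the same passcode always produces the same stored value."""
    return hmac.new(KEY, pin.encode(), hashlib.sha256).digest()

def protect_salted(pin: str) -> bytes:
    """Per-record random salt, so equal passcodes produce unrelated stored values."""
    salt = os.urandom(16)
    return salt + hmac.new(KEY, salt + pin.encode(), hashlib.sha256).digest()

def verify_salted(pin: str, stored: bytes) -> bool:
    """Recompute the tag with the record's own salt and compare in constant time."""
    salt, tag = stored[:16], stored[16:]
    expected = hmac.new(KEY, salt + pin.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def audit_column(stored_values) -> dict:
    """Flag a stored-passcode column in which any value repeats across records."""
    values = list(stored_values)
    distinct = len(set(values))
    return {
        "records": len(values),
        "distinct": distinct,
        "repeats": len(values) - distinct,
        "deterministic_suspected": distinct < len(values),
    }

def constructed_pins(n: int, seed: int = 1) -> list:
    """Constructed sample data: n random four-digit passcodes, not real records."""
    rng = random.Random(seed)
    return [f"{rng.randrange(10_000):04d}" for _ in range(n)]

if __name__ == "__main__":
    pins = constructed_pins(20_000)
    print("deterministic:", audit_column(protect_deterministic(p) for p in pins))
    print("salted:       ", audit_column(protect_salted(p) for p in pins))
```

The salt removes the repeated-value signal that makes correlation with surrounding fields possible. The key matters separately, because an unkeyed hash of a four-digit passcode can be enumerated in 10,000 guesses per record even when salted.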