Telecommunications giant AT&T announced Saturday that it had reset the passwords of seven.6 million customers after determining that compromised customer data had been “exposed on the dark web.”
“Our internal teams are working with external cybersecurity experts to analyze the situation.” AT&T said. “To the best of our knowledge, the compromised data dates back to 2019 or earlier and does not contain personal financial information or call history.”
The company said “information varies by customer and account” but could include an individual’s name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and password.
In addition to those 7.6 million customers, 65.4 million former account holders are also affected.
The company said it “will separately contact those whose personal information was breached and offer free identity theft and credit monitoring services.”
AT&T said it was resetting passwords for those affected and directed customers to an internet site with details on tips on how to reset them.
TechCrunch, who was the primary to report the password resetAT&T said on Monday that the “leaked data contained encrypted passwords that could be used to access AT&T customer accounts.”
TechCrunch said it delayed publishing its article until the corporate “can begin resetting passwords on customer accounts.”
In its report, TechCrunch stated that “this is the first time AT&T has admitted that the leaked data belongs to its customers, some three years after a hacker reported the theft of 73 million AT&T customer records.”
AT&T said it didn’t know whether the leaked data “came from AT&T or one of its vendors” and that it had “no evidence of unauthorized access to its systems that resulted in the theft of a data set.”