Engadget
Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

AT&T resets millions of customers’ passcodes after account info was leaked on the dark web

The leaked data set included the records of roughly 73 million current and former AT&T account holders.

Reuters / Reuters

AT&T says 7.6 million current customers were affected by a recent leak in which sensitive data was released on the dark web, along with 65.4 million former account holders. TechCrunch first reported on Saturday morning that the company has reset the passcodes of all affected active accounts, and AT&T confirmed the move in an update published on its support page. The data set, which AT&T says “appears to be from 2019 or earlier,” includes names, home addresses, phone numbers, dates of birth and Social Security numbers, according to TechCrunch.

TechCrunch reports that it alerted AT&T about the potential for the leaked data to be used to access customers accounts on Monday, after a security researcher discovered that the records included easily decipherable encrypted passcodes. AT&T said today that it’s “launched a robust investigation supported by internal and external cybersecurity experts.” The data appeared on the dark web about two weeks ago, according to AT&T.

It comes three years after a hacker known as ShinyHunters claimed in 2021 that they’d obtained the account data of 73 million AT&T customers. AT&T at the time told BleepingComputer that it had not suffered a breach and that samples of information shared by the hacker online did “not appear to have come from our systems.” The company now says that “it is not yet known whether the data in those fields originated from AT&T or one of its vendors.” So far, it “does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set.”

AT&T says it will reach out to both current and former account holders who have been affected by the leak. The company also says it will offer credit monitoring to those customers “where applicable.”