AT&T resets passcodes for 7.6 million customers following dark web data leak

Millions of AT&T customers may have been affected by a data leak, forcing the carrier to change their passcodes. In a notice posted on Saturday, AT&T said that data seemingly from 2019 and earlier was found in information leaked on the dark web, impacting 7.6 million current AT&T subscribers and 65.4 million former AT&T account holders.

The scope of the leaked data found on the dark web varies from account to account. In addition to passcodes for all affected customers, it may also include full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers. The carrier said that the dataset does not contain any personal financial information or call history.

Also: Why were millions of AT&T customers left disconnected? We have an answer

AT&T said the company sent emails or letters to all current and former subscribers who were impacted by the leak. In addition to resetting customer passcodes, the company urged customers to monitor their account activity and credit reports. To do so yourself, you can set up free fraud alerts with Equifax, Experian, and TransUnion, and review a free credit report through Freecreditreport.com.

If you're an AT&T subscriber affected by the breach, you'll want to change your passcode. To do that, go to your myAT&T profile page and sign in when prompted. Scroll to the section for "My linked accounts," select Edit for the passcode you want to change, and follow the prompts.

The carrier said that its internal staff is working with outside cybersecurity experts to investigate the matter. For now, the company doesn't know whether the leaked data came from its own systems or that of one of its vendors. AT&T said the company hasn't found any signs of unauthorized access to its systems that may have resulted in the theft of customer data.

AT&T apparently learned about the data leak last Monday. That's when TechCrunch informed the carrier that the information discovered on the dark web contained encrypted passcodes that could be used to access subscriber accounts. A security researcher told TechCrunch that the encrypted passcodes would be easy to decipher. TechCrunch said that it held off publishing its story until AT&T could start resetting account passcodes.

Also: Everything on how to protect your privacy and stay safe online

Should AT&T have known about the data leak sooner? In 2021, a hacker claimed to be selling a dataset that contained the personal information of 70 million subscribers, as then reported by Bleeping Computer. At the time, AT&T told Bleeping Computer that the information did not appear to come from its systems and couldn't speculate where it came from or whether it was valid.

Last month, someone published all the alleged records on a dark web forum, according to TechCrunch. A more detailed analysis of the data allowed AT&T customers to confirm that the leaked data was accurate.