AT&T confirms 73 million customers' data leaked on Dark Web in colossal data breach

All products are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more

GETTY IMAGES
Aaron Brown

By Aaron Brown


Published: 01/04/2024

- 16:00

Updated: 01/04/2024

- 16:02

Millions of passwords have been reset in an emergency security measure

  • AT&T has confirmed a colossal data breach impacting 73 million people
  • The Texas-based brand is the biggest mobile carrier in the United States
  • It's unclear where the data set came from, with investigations ongoing

America's largest wireless carrier has confirmed that millions of customers' data has been shared by hackers on the so-called Dark Web. Hackers have shared personal information from 7.6 million current AT&T customers and 65.4 million former account holders.


The leaked information includes full name, email address, home address, phone number, social security number, date of birth, AT&T account number and passcode, the mobile carrier has informed customers.

A passcode is a numerical PIN, usually limited to four digits. It’s one of the security measures used to protect online accounts by AT&T in addition to an alpha-numeric password.

If your information was included in the colossal leak, AT&T will be in touch soon via email or letter. In an FAQ posted in the wake of the hack, AT&T states: "If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response."

The company is proactively resetting the passwords of all 7.6 million leaked accounts to block hackers from gaining access.

If you rely on the same email address and password combination used to safeguard your AT&T account for multiple other online profiles — time is of the essence and you need to act fast and reset other passwords. This prevents hackers from logging into your banking profile, social media, email, and more with the same login details, a cyberattack technique known as credential stuffing.

This was recently used to break into thousands of Roku accounts and make unauthorised purchases.

AT&T has reassured customers that it's investigating the data set shared on the Dark Web, a murky underworld of the World Wide Web not indexed by search engines like Google or Bing that can only be accessed with the open-source Tor browser. Early analysis of the data set shows that it dates back from 2019 or earlier.

AT&T, which has a network that covers roughly 290 million people across the United States, has revealed that it hasn't found any evidence of unauthorised access to its systems which could explain the leaked database of customers' information. It's unknown whether the leak originates from AT&T or one of its vendors.

The telecom company says the incident has not had a material impact on its operations, and said the source of the data is still being assessed. AT&T is in contact with all those impacted and has reset passcodes for 7.6 million current customers.

LATEST DEVELOPMENTS

AT&T is offering customers credit monitoring and free fraud alerts from Equifax, Experian, and TransUnion. It recommends customers "remain vigilant by monitoring account activity and credit reports".

You may like