Has discovered that hackers are breaking into AT&T email accounts and stealing crypto from victims’ cryptocurrency exchange accounts.
At the beginning of the month, an anonymous source said that a group of cybercriminals had hacked AT&T email addresses at domains such as att.net, sbcglobal.net, bellsouth.net, and others.
According to the tipster, the hackers can create mail keys for any user because they have access to AT&T’s internal network. Mail keys allow AT&T email users to log in without passwords using email apps like Thunderbird or Outlook.
With a mail key, hackers can use an email app to log into a target’s account and reset passwords for lucrative services like cryptocurrency exchanges. They can then reset the victim’s Coinbase or Gemini account password via email, at which point it is game over for the victim.
The tipster provided a list of alleged victims. Two victims confirmed that they had been hacked.
AT&T spokesperson Jim Kimberly said the company “identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without a password.”
“We updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” the spokesperson said.
AT&T did not disclose the number of victims. The spokesperson added, “This process wiped out any secure mail keys that had been created.”
Reported that hackers stole $134,000 from one Coinbase account. The second victim stated that “it has been happening repeatedly since November 2022 — probably 10 times at this point.” “When my Outlook client fails to ‘connect,’ I log in to my AT&T site and delete their key and create a new one.”
The victim added, “Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these Outlook login keys.”
On Reddit, several AT&T and other email users reported being hacked.
One user wrote, “Hello, my email was compromised back in March of this year and I have done everything I can to reset password, security questions, etc but occasionally I’m still getting emails that a secure mail key has been created on my account without my knowledge.” “They would even delete the email notification so I don’t see it, but I recently changed to another email for profile updates so they don’t have access. This sounds like someone still has access to my account, but how?”
Another wrote, “I’ve had the same issue for months and just started again, password wasn’t changed but account locked out and a Mail Key keeps being created somehow.”
According to the tipster, the hackers can “reset any” AT&T email account and have made $15–20 million in crypto. The tipster’s claim was unconfirmed.
Has seen a screenshot from a Telegram group chat where one of the hackers claims that the gang “have the entire AT&T employee database” and can access OPUS, an internal AT&T portal for employees.
“Only thing we are missing is a certificate, which is the last key to accessing the [AT&T] VPN servers,” the hacker wrote in the Telegram channel, according to the screenshot.
According to the tipster, the gang has access to AT&T’s internal VPN.
Kimberly, AT&T’s spokesperson, denied that the hackers had access to internal systems. “No system was breached for this exploit. The bad guys used API access.”