An anonymous source has reported that AT&T was compromised at the beginning of April and that hackers broke into user email accounts to drain millions worth of crypto.
Hackers accessed and stole from AT&T email addresses
Several cybercriminals have exploited an API weakness in the AT&T system and accessed customer email addresses.
The hackers have also accessed the customers’ crypto exchange accounts and drained the funds. Customers with email accounts at sbcglobal.net, bellsouth.net, att.net, and other AT&T email addresses were affected.
According to the informant, the hackers managed to get into the accounts because they had access to a section of AT&T’s internal network, which allowed them to create mail access keys for any user.
Mail keys are special credentials that AT&T email users use to log into their email through apps such as Outlook and Thunderbird without using their passwords.
With these keys, the hackers can use the approved email apps to log into the accounts and reset the passwords of connected accounts, such as crypto exchange platforms. After changing the passwords, the hacker can access any linked wallet and the crypto private keys.
API access or internal VPN compromise?
Jim Kimberly, an AT&T spokesperson, said that the company identified the compromise and the unauthorized creation of secure mail keys.
He further noted that the company had updated its security controls and, as a precaution, required some users to reset their email passwords.
The AT&T spokesperson, however, declined to give the number of affected users, saying only that any mail keys generated by the hackers had been wiped out.
The informant also mentioned affected users, and two of them confirmed the incident.
One victim said that he lost $134,000 from his Coinbase account. The second one said that the hacking has been ongoing since November 2022, with approximately ten attacks so far.
The victim suspected that the hackers had direct access to the AT&T files and databases containing customers’ Outlook keys.
Several AT&T users have raised concerns on Reddit and said they had been hacked differently. The informant said that the hackers had access to AT&T’s internal VPN.
Still, AT&T’s spokesperson denied that the cybercriminals had access to the company’s internal systems and insisted that the hackers used API access.