TechCrunch reported that hackers are breaking into AT&T email accounts and using them to steal cryptocurrency from victims’ exchange accounts. At the beginning of the month, an unidentified source told TechCrunch that cybercriminals had hacked AT&T email accounts on domains such as att.net, sbcglobal.net, bellsouth.net, and others.
The source said the hackers could produce mail keys for any user because they have access to AT&T’s internal network. AT&T email subscribers can use mail keys to log in without passwords using Thunderbird or Outlook.
With a target’s mail key, hackers can log in through an email program and reset passwords for more profitable services, such as cryptocurrency exchanges. For example, once the hackers reset a victim’s Coinbase or Gemini account password through email, the victim has lost. The tipster named victims, and two of them confirmed they had been hacked.
“Identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without a password,” stated AT&T spokesperson Jim Kimberly.
“To avoid this, we improved our security controls,” the official said. “We also proactively reset some email accounts’ passwords.”
AT&T declined to specify how many individuals were hacked in this round. However, “as a precaution,” the business restricted certain email accounts and required password resets.
“This process wiped out any secure mail keys that were created,” the representative said.
One Coinbase user told TechCrunch that hackers took $134,000. “It has been happening repeatedly since November 2022 — probably ten times at this point,” stated the second victim. “I discover it when my Outlook client fails to ‘connect’ and instantly log in to my [AT&T] site and erase their key and establish a new one.”
“Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these Outlook login keys,” the victim said.
Reddit users with AT&T and other email accounts reported hacks.
“Hello, my email was compromised in March of this year, and I have done everything I can to reset the password, security questions, etc., but occasionally, I’m still getting emails that a secure mail key has been created on my account without my knowledge,” one user stated. “They would even delete the email notification, so I don’t see it, but I recently changed to another email for profile updates, so they don’t have access. So how is someone still accessing my account?”
“I’ve had the same issue for months and just started again, password wasn’t changed, but account locked out, and a Mail Key keeps being created somehow,” commented another.
The informant claimed the hackers could “reset any” AT&T email account and have made $15–20 million in Bitcoin. However, TechCrunch couldn’t independently verify the tipster’s assertion.
TechCrunch has seen a screenshot of a Telegram group discussion in which one of the hackers claimed to “have the entire AT&T employee database,” allowing them to access the OPUS employee site. However, according to the screenshot, the hacker added in Telegram, “Only thing we are missing is a certificate, which is the last key to accessing the [AT&T] VPN servers.”
The informant claims the group now has access to AT&T’s internal VPN. AT&T spokesman Kimberly disputed that hackers accessed internal business networks. “This attack required no system penetration. Bad actors accessed APIs.”