Cybercriminals have breached AT&T email accounts to gain access to victims’ crypto assets, according to recent reports. The criminals may have stolen as much as $20 million worth of crypto through this modus operandi. Two victims have confirmed the theft. AT&T, however, has denied that hackers have breached the company’s internal systems. Instead, they claim the criminals used API access to target personal AT&T email accounts that use att.net, sbcglobal.net, and bellsouth.net addresses. Hackers reportedly used access to AT&T’s internal network to create mail keys for any user, then login and reset victims’ passwords, including those on crypto exchange apps. A whistleblower is said to have shared a list of the alleged hackers’ victims to prove that cybercriminals have indeed gained access to AT&T’s internal systems. AT&T has acknowledged the “unauthorized creation of secure mail keys” and has responded by updating its security controls, locking some email accounts to force owners to reset passwords.
7.009 1 Minute Lesezeit