Skip to content

AT&T confirms 2021 breach; changes 7.6 million customer passcodes

  • by
  • 3 min read

AT&T has finally confirmed that its 2021 data leak compromised the data of 73 million customers, including the current 7.6 and former 65 million customers, despite previously denying it. The company is resetting affected customers’ passcodes.

The breach revealed encrypted passcodes that could grant unauthorised access to AT&T customer accounts. AT&T collaborated with cybersecurity experts and launched a thorough investigation into the incident.

In 2021, a threat actor by the alias ShinyHunters uploaded the data on a hacker forum, offering it to sell for a starting price of $200,000. The threat actors also told the potential buyers they would sell the data immediately for $1 million.

“Based on our investigation, the information that appeared in an internet chat room does not appear to have come from our systems,” AT&T told Bleeping Computer. “Given this information did not come from us, we can’t speculate on where it came from or whether it is valid.”

In 2024, another threat actor, Major Nelson, uploaded the data for free on a hacking forum. Several cybersecurity experts confirmed that the data, indeed, is genuine.

Cybersecurity expert Sam Croley analysed the encrypted passcodes and demonstrated, according to TechCrunch, how the lack of randomness in the encryption allowed for the deciphering of passcodes based on surrounding information in the leaked records. Following this, TechCrunch notified the company about the passcode vulnerability, prompting the company to acknowledge the leak.

The breached data contains the names, addresses, phone numbers, and Social Security numbers of the customers.

“It has come to our attention that a number of AT&T passcodes have been compromised. We are reaching out to all 7.6M impacted customers and have reset their passcodes. In addition, we will be communicating with current and former account holders with compromised sensitive personal information,” said the official statement of AT&T. “Our internal teams are working with external cybersecurity experts to analyse the situation.”

The compromised data includes sensitive details such as customer names, addresses, phone numbers, dates of birth, and Social Security numbers. Additionally, each record in the leaked data contains encrypted account passcodes, which Croley was able to reverse-engineer because they are predictable.

AT&T has also launched a dedicated FAQ section for customers, addressing questions like how to keep their accounts secure, what the company is doing about it, and how to update their passcodes.

The company said, “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”

The telecom industry has always been a target of the threat actors. In 2023, it was reported that data from more than 74 million American telecom customers, including AT&T, Charter Communication, T-Mobile, and Verizon, had been leaked.

In the News: Indians in Cambodia forced into cyber fraud; rescue ops underway

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: