In a new crypto-stealing operation, hackers are breaking into people’s AT&T email accounts and exploiting that access to drain their crypto funds from various exchanges. The targets appear to be users of att.net, sbcglobal.net, bellsouth.net and other AT&T email addresses.
TechCrunch reported the incident after being tipped off by an anonymous source, who believes that the hackers were able to gain access to victims’ email accounts only because they already had access to a part of AT&T’s internal network, allowing them to create mail keys for any user. These “mail keys” are unique credentials that let AT&T email users log into their accounts from email clients like Outlook.
The hackers generate these mail keys for a specific user and log into that user’s account. Shortly after, they reset the passwords for any crypto-related services tied to that email address, such as cryptocurrency exchanges, at which point the victim can’t do anything except watch their crypto disappear into thin air.
The tipster also provided a list of alleged victims, two of whom confirmed that they had been hacked. The first victim reported that hackers stole $134,000 from their Coinbase account. The second victim said that their email has been hacked repeatedly since November 2022. Overall, the tipster claims that the hackers can reset any AT&T email account and have made between $15 million and $20 million in stolen crypto, although that amount hasn’t been verified yet.
As for AT&T, company spokesperson Jim Kimberly said that the company is aware of the “unauthorised creation of secure mail keys, which can be used in some cases to access an email account without needing a password”. AT&T has updated its security controls to prevent this activity and made some users reset their passwords. That said, the company declined to say how many people have been affected so far.