AT&T email accounts reportedly hacked to steal crypto

Hackers have reportedly broken into AT&T-provided email addresses and used this access to steal large amounts of cryptocurrency, TechCrunch reports. While it’s not clear how many people have been affected, one alleged victim claims to have lost $134,000 from a Coinbase account linked to a compromised email address. Email addresses with att.net, sbcglobal.net and bellsouth.net domain names are all reportedly affected.

The vulnerability involves email keys, which are intended to allow users to log into AT&T email accounts through clients such as Outlook or Thunderbird. Somehow, attackers seem to have found a way to generate these keys without the owner of an email account knowing. Once they have access, they can request password resets from cryptocurrency exchanges like Coinbase or Gemini (along with, presumably, many other online accounts associated with the email address).


AT&T spokesman Jim Kimberly confirmed to TechCrunch that the company had “identified the unauthorized creation of secure email keys, which in some cases can be used to access an email account without needing a password.”

The tipster who alerted TechCrunch to the issue said hackers have been able to create these email keys because they have access to an internal AT&T system. But AT&T’s Kimberly disputes this. “There was no penetration of any system for this exploit. The bad actors used an API access,” they said.

“We have updated our security controls to prevent this activity. As a precaution, we also proactively required password resets on some email accounts,” Kimberly said. “This process deleted any secure email keys that had been created.” AT&T did not immediately respond to The Verge’s request for comment asking whether it believes the security issue has been fully resolved.

It’s not clear how long the problem may have existed, but one victim told TechCrunch that they had been experiencing ongoing problems with the email keys since last November. This Reddit post (also from November) mentions a similar problem.

The incident highlights how an email account can be a single point of failure in large parts of a user’s online life. Get access to the account and you get access to all the connected services. In this case, those services allegedly included cryptocurrency, making the potential losses even greater.
