Hackers are breaking into AT&T email accounts to steal cryptocurrency


Unknown hackers are breaking into the accounts of people who have AT&T email addresses, and using that access to then hack into the victim’s cryptocurrency exchange accounts and steal their crypto, TechCrunch has learned.

At the beginning of the month, an anonymous source told TechCrunch that a gang of cybercriminals has found a way to hack into the email addresses of anyone who has an att.net, sbcglobal.net, bellsouth.net and other AT&T email addresses.

According to the tipster, the hackers are able to do that because they have access to a part of AT&T’s internal network, which allows them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook, but without having to use their passwords.

With a target’s mail key, the hackers can use an email app to log into the target’s account and start resetting passwords for more lucrative services, such as cryptocurrency exchanges. At that point it’s game over for the victim, as the hackers can then reset the victim’s Coinbase or Gemini account password via email.

The tipster provided a list of alleged victims. Two of the victims replied, confirming they’ve been hacked.

AT&T spokesperson Jim Kimberly said that the company “identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password.”

“We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” the spokesperson said.

AT&T declined to say how many people have been hit in this wave of hacks. But the company, “as a precaution,” has locked some email accounts, forcing their owners to reset their passwords.

“This process wiped out any secure mail keys that had been created,” the spokesperson added.

One victim told TechCrunch that hackers stole $134,000 from his Coinbase account. The second victim said that “it has been happening repeatedly since November 2022 — probably 10 times at this point. I notice it has been done when my Outlook client fails to ‘connect’ and I quickly login to my [AT&T] site and delete their key and create a new one.”

“Very frustrating because it’s obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these outlook login keys,” the victim added.

Additionally, several people with AT&T and other related email addresses mentioned on Reddit that they’ve been hacked.

“Hello, my email was compromised back in March of this year and I’ve done everything I can to reset password, security questions, etc. but occasionally I’m still getting emails that a secure mail key has been created on my account without my knowledge,” one user wrote. “They might even delete the email notification so I don’t see it but I recently changed to another email for profile updates so they don’t have access. This sounds like someone still has access to my account but how?”

Another person wrote: “I’ve had the same issue for months and just started again, password wasn’t changed but account locked out and a Mail Key keeps being created somehow.”

The tipster claims that the hackers can “reset any” AT&T email account, and that they’ve made between $15 and $20 million in stolen crypto. (TechCrunch couldn’t independently verify the tipster’s claim.)

TechCrunch has seen a screenshot apparently coming from a Telegram group chat, where one of the hackers claims that the gang “have the entire AT&T employee database,” which allows them to access an internal AT&T portal for employees called OPUS.

“Only thing we’re missing is a certificate, which is the last key to accessing the [AT&T] VPN servers,” the hacker wrote in the Telegram channel, according to the screenshot.

The tipster said that the gang now has access to AT&T’s internal VPN.

Kimberly, the AT&T spokesperson, denied that the hackers had any access to internal company systems. “There was no intrusion into any system for this exploit. The bad actors used an API access.”


Do you have more information about these hacks against AT&T email users? Or other similar hacks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.


