- A whistleblower reports AT&T email addresses were hacked.
- Hackers stole millions of dollars by exploiting AT&T’s internal system.
- With $20 million reportedly stolen from users, AT&T claims its internal system was not compromised.
AT&T, one of the largest telecommunications companies in the US, has fallen prey to a string of attacks by hackers.
In a recent report, an anonymous whistleblower revealed that hackers occasionally lock users out of their AT&T email addresses to steal cryptocurrencies thanks to an exploit they found.
Although AT&T shared that it has it all under control, the whistleblower stated hackers have siphoned between $15 million to $20 million and continue to do so. How did the hackers pull it off and are still using the exploit?
How’d the Hackers Break-in?
Earlier this month, an anonymous source shared with Techcrunch that a team of hackers has found a way to break into AT&T email addresses. This includes addresses ending with att.net, sbcglobal.net, and bellsouth.net, among others. Criminals have been abusing the exploit to gain access to their cryptocurrency exchange accounts and steal their crypto.
According to the whistleblower, hackers compromised OPUS, AT&T’s internal network for employees. They would exploit the portal to create security keys for registered users and use them to log on to victims’ accounts without using their passwords.
None of the victims’ accounts were safe using these security keys, including their cryptocurrency exchange accounts. Alleged hack victims have reported that hundreds of thousands of dollars were stolen from their Coinbase and Gemini accounts. Some victims shared that the hack has happened “repeatedly since November 2022.”
In light of the rising concerns from users, especially since they collectively incurred about $20 million in losses, AT&T responded, but without any reprieve.
Despite hackers claiming they had access to AT&T’s entire employee database in Telegram groups, the telecommunications company’s spokesperson, Kimberly, refuted all accusations, claiming that hackers had no access to the internal company systems. Instead, they exploited an API.
While it has yet to be determined what will happen to users’ funds, it’s time to perform your due diligence and protect yourself.
There’s no telling if the crisis has been averted, so it’s best to protect yourself as soon as possible.
If you’re affected by this hack, you should migrate your assets to another wallet as soon as possible until the concerned authorities investigate the matter. Here are a few additional tips to protect you in the long run:
- One common factor among the victims was the number of crypto assets they stored in their accounts. Therefore, store large amounts of tokens on hardware or cold wallets.
- Protect your Secret Recovery Phrase.
- Set up additional security layers.
- Double-check links, websites, and emails. Refrain from clicking any link unless it’s from a verified source.
- Report any suspicious activity to the concerned departments as soon as possible.
- Ask for help from officials, and prioritize your safety and security.
- Verify and scan all addresses, such as contract, sender, and others, before doing anything permanent.
On the Flipside
- An ongoing unidentified wallet-draining hack stole over 5,000 ETH or approximately $10 million from reasonably secure users.
Why You Should Care
AT&T is one of the largest companies in the US, with over 200 million customers. Such hacks can be concerning, considering the exploit has yet to be addressed and stopped, despite successfully stealing over $15 million. Given the rising hacks, take this as a lesson to set up necessary precautionary measures.
SBF’s favorite game just shut down:
“No Path Forward” for SBF’s Beloved FTX-Owned Storybook Brawl
Read ways blockchains can be hacked: