Unidentified hackers have found a way to break into the email accounts of people with AT&T email addresses, according to a report by TechCrunch.
They then use that access to break into the victims' crypto exchange accounts and steal their cryptocurrency.
AT&T's Internal Network
It is believed that hackers can access a section of AT&T's internal network, which enables them to produce mail keys for any user. These mail keys are credentials that permit AT&T email users to sign into their accounts using email applications, like Thunderbird or Outlook, without having to use their passwords.
The hackers can use an email app to sign into the target's account with the victim's mail key and then begin resetting passwords for more profitable services such as cryptocurrency exchanges.
Subsequently, the hackers can reset the password for the victim's Coinbase or Gemini account via email.
Jim Kimberly, an AT&T spokesperson, confirmed that the company had detected the unauthorized creation of secure mail keys, which could allow someone to gain access to an email account without a password.
In response, AT&T has updated its security controls and has required password resets on some accounts. As a further precaution, the company has locked some accounts, prompting owners to reset their passwords, which has resulted in the deletion of any secure mail keys created by unauthorized users.
Although AT&T declined to disclose how many people were affected by the attacks, it said that it had taken measures to prevent further unauthorized access to users' email accounts.
Stolen Crypto
According to TechCrunch, multiple people have reported being hacked after unknown hackers broke into the email accounts of those with AT&T email addresses.
One victim told TechCrunch that hackers had stolen $134,000 from their Coinbase account. Another victim said they had been hacked repeatedly since November 2022 and noticed the intrusion when their Outlook client failed to connect.
They quickly logged into their AT&T account, deleted the hacker's mail key, and created a new one.
Reddit users with AT&T and related email addresses have reported being hacked, with some still receiving emails about a secure mail key being created despite changing their passwords and security questions.
TechCrunch said it was unable to verify the hackers' claim of having stolen between $15 million and $20 million in crypto, but it saw a screenshot of a Telegram group chat in which a hacker claimed to have access to the entire AT&T employee database.
AT&T denied the hackers had any access to internal company systems and locked some email accounts as a precaution but did not disclose the number of affected people.