Search This Blog

Powered by Blogger.

Blog Archive

Labels

Hackers are Breaking Into AT&T to Steal Cryptocurrency

This is how hackers are getting access into accounts without having password keys.
In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these outlook login keys”. 

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the internal systems of the company. “There was no intrusion into any system for this exploit. The bad actors used an API access.”
Share it:

AT&T

cryptocurrency

cyber attack

Cyber Attacks

online currency