Protect your money: AT&T email accounts under attack by hackers
A recent report says that hackers have been breaking into email addresses provided by AT&T and stealing huge amounts of cryptocurrency.
According to a report from Tech Crunch, unknown hackers have been hacking email addresses provided by AT&T to steal cryptocurrency from users. The report says that the attacks started at the beginning of April by a gang of cybercriminals. They found a way to hack into email addresses and steal people's money on crypto.
The hackers have gained access to a section of AT&T's internal network, allowing them to generate mail keys for any user. Mail keys are used by AT&T users to log into their accounts with third-party apps like Outlook without using their passwords. In other words, they are a kind of "secure measure" that allows log-ins from third-party apps.
"With a target’s mail key, the hackers can use an email app to log into the target’s account and start resetting passwords for more lucrative services, such as cryptocurrency exchanges. At that point, it’s game over for the victim, as the hackers can then reset the victim’s Coinbase or Gemini account password via email," says Tech Crunch.
One victim lost $134,000
One of the victims said the hackers stole $134,000 from his Coinbase account. Another victim said that this is not new but has been happening since November 2022, "I notice it has been done when my Outlook client fails to ‘connect’ and I quickly log in to my [AT&T] site and delete their key and create a new one," they added.
“We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts. This process wiped out any secure mail keys that had been created,” a spokesperson from AT&T said.
If you own an email account provided by AT&T, you might want to improve your security measures or the different precautions. The affected email addresses include att.net, sbcglobal.net, bellsouth.net, and other AT&T email addresses.Advertisement
“In other words, they are a kind of “secure measure” that allows log-ins from third-party apps.”
…I guess not.