How Hackers Are Stealing Cryptocurrency Through AT&T Email Accounts

in #cryptocurrency2 years ago

Techcrunch reported, Unknown hackers have targeted individuals with AT&T email addresses by infiltrating their email accounts and launching attacks on cryptocurrency exchanges to steal valuable digital assets. TechCrunch first reported the security breach, citing an anonymous source who revealed that the cybercriminals discovered a way to hack into any email account with an att.net, sbcglobal.net, bellsouth.net, or other AT&T email address.

How did the hackers gain access?

The hackers reportedly accessed a part of AT&T’s internal network, which allowed them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook, without having to use their passwords. Once armed with a target’s mail key, the hackers could log into the victim’s account and reset passwords for more lucrative services, such as cryptocurrency exchanges.

How many people were affected?

The extent of the damage caused by the hackers remains unclear, with AT&T declining to say how many people have been affected. Several victims have come forward, confirming the extent of the security breach. One victim claimed to have lost $134,000 from their Coinbase account, while another said they have been repeatedly targeted since November 2022, with hackers gaining access to their email account through the creation of secure mail keys.

How did AT&T respond?

AT&T spokesperson Jim Kimberly confirmed that the company has identified the unauthorized creation of secure mail keys and has updated its security controls to prevent further activity. The company has also required a password reset on some email accounts, wiping out any secure mail keys that may have been created. However, the spokesperson denied that the hackers had any access to internal company systems, stating that “there was no intrusion into any system for this exploit. The bad actors used an API access.”