According to TechCrunch, unknown hackers are breaking into the accounts of users with AT&T email addresses and using that access to take over the victims' cryptocurrency exchange accounts and steal their crypto assets.
An anonymous source told TechCrunch earlier this month that a gang of cybercriminals had found a way to break into the email accounts of anyone with an att.net, sbcglobal.net, bellsouth.net, or other AT&T email address.
According to the tipster, the hackers can do this because they have access to a portion of AT&T's internal network, which lets them generate mail keys for any user.
A mail key (AT&T calls it a secure mail key) is an app-specific credential: a generated code that AT&T email users enter into an email client such as Thunderbird or Outlook to log in over IMAP, POP or SMTP instead of typing their account password. It is a full account credential in its own right, so anyone holding a valid mail key can read the mailbox without knowing the password at all.
With a target's mail key, the hackers can log into the target's mailbox from an email app and start triggering password resets for more lucrative services such as cryptocurrency exchanges. Because the reset links land in that mailbox, they can reset the victim's Coinbase or Gemini password without ever learning the victim's AT&T password, and at that point the victim is out of luck.
The informant supplied a list of alleged victims. Two of them responded and confirmed that they had been hacked.
AT&T spokesperson Jim Kimberly said that the company “identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password.”
“We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” the spokesperson said.
AT&T has refused to say how many people have been affected by this wave of hacks. However, “as a precaution,” the company has locked some email accounts, forcing their owners to reset their passwords.
“This process wiped out any secure mail keys that had been created,” the spokesperson added.
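The two security-relevant points in the passages above are that a mail key is a second, independent credential for the mailbox (so the web password is never checked when an email client logs in) and that a password reset only evicts an attacker if it also revokes existing keys, as AT&T's forced reset did. The following toy model, added here as an illustration and not AT&T's code, makes both concrete. The service, the address victim@att.net, and the `mint_mail_key` path that issues a key without any proof of ownership are all constructed assumptions modelled on the report; the scenario also replays the one victim's remediation of deleting the rogue key, which does nothing while the minting path stays open.

```python
"""Toy model of a mail service with two credential types: a web password and
app-specific mail keys used by IMAP/POP/SMTP clients.  Illustrative only; this
is not AT&T's implementation and the account data is constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Iteration count kept low so the demo runs quickly; use far more in practice.
_PBKDF2_ITERS = 20_000


def _hash(secret: str, salt: bytes) -> bytes:
    # Store only salted PBKDF2 digests so a leaked table is not directly usable.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, _PBKDF2_ITERS)


class MailService:
    def __init__(self) -> None:
        # user -> {"salt": bytes, "pwd": bytes, "keys": {key_id: (salt, digest)}}
        self._accounts: Dict[str, dict] = {}

    def create_account(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[user] = {"salt": salt, "pwd": _hash(password, salt), "keys": {}}

    def login_web(self, user: str, password: str) -> bool:
        acct = self._accounts[user]
        return hmac.compare_digest(acct["pwd"], _hash(password, acct["salt"]))

    def mint_mail_key(self, user: str) -> Tuple[str, str]:
        """Issue a mail key for `user`.  Deliberately takes no proof that the
        caller owns the account: this models the reported internal path that
        let attackers create keys for any address.  The plaintext key is
        returned once; only its salted digest is kept."""
        acct = self._accounts[user]
        key_id = secrets.token_hex(4)
        key = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        acct["keys"][key_id] = (salt, _hash(key, salt))
        return key_id, key

    def revoke_mail_key(self, user: str, key_id: str) -> None:
        self._accounts[user]["keys"].pop(key_id, None)

    def login_imap(self, user: str, mail_key: str) -> bool:
        """Email-client login: only a mail key is checked, never the password."""
        for salt, digest in self._accounts[user]["keys"].values():
            if hmac.compare_digest(digest, _hash(mail_key, salt)):
                return True
        return False

    def reset_password(self, user: str, new_password: str, revoke_mail_keys: bool) -> None:
        acct = self._accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["pwd"] = _hash(new_password, acct["salt"])
        if revoke_mail_keys:
            acct["keys"].clear()  # the step that actually evicts the attacker


def run_scenario(revoke_on_reset: bool) -> Dict[str, bool]:
    """Replay the reported attack and both remediations; returns who can still log in."""
    svc = MailService()
    victim = "victim@att.net"  # constructed sample address
    svc.create_account(victim, "correct-horse-battery-staple")

    # Attacker mints a key through the unprotected path; no password needed.
    key_id, key = svc.mint_mail_key(victim)
    result = {"attacker_imap_before": svc.login_imap(victim, key)}

    # Victim notices the rogue key and deletes it...
    svc.revoke_mail_key(victim, key_id)
    result["attacker_after_revoke"] = svc.login_imap(victim, key)
    # ...but the minting path is still open, so the attacker simply mints another.
    _, key2 = svc.mint_mail_key(victim)
    result["attacker_reminted"] = svc.login_imap(victim, key2)

    # Provider-driven password reset: only helps if it also wipes existing keys.
    svc.reset_password(victim, "a-new-strong-password", revoke_mail_keys=revoke_on_reset)
    result["attacker_after_reset"] = svc.login_imap(victim, key2)
    result["victim_web_login"] = svc.login_web(victim, "a-new-strong-password")
    return result


if __name__ == "__main__":
    for flag in (False, True):
        print(f"revoke mail keys on reset={flag}: {run_scenario(flag)}")
```

Run with the flag set to False and the attacker's second key still works after the victim's new password is in place; with it set to True the reset closes the mailbox to the attacker, which is what AT&T's spokesperson describes when saying the forced reset "wiped out any secure mail keys". Neither remediation helps while keys can still be minted without the owner's involvement, so the durable fix is on the issuing path, not on the victim's side.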
One victim told TechCrunch that hackers stole $134,000 from his Coinbase account. The second victim said that “it has been happening repeatedly since November 2022 — probably 10 times at this point. I notice it has been done when my Outlook client fails to ‘connect’ and I quickly log in to my [AT&T] site and delete their key and create a new one.”
“Very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these Outlook login keys,” the victim added.
Additionally, several people with AT&T and other related email addresses reported being hacked on Reddit.
“Hello, my email was compromised back in March of this year and I have done everything I can to reset password, security questions, etc but occasionally I’m still getting emails that a secure mail key has been created on my account without my knowledge,” one user wrote. “They would even delete the email notification so I don’t see it but I recently changed to another email for profile updates so they don’t have access. This sounds like someone still has access to my account but how?”
Another person wrote: “I’ve had the same issue for months and just started again, password wasn’t changed but account locked out and a Mail Key keeps being created somehow.”
According to the tip, the hackers can “reset any” AT&T email account and have made between $15 and $20 million in stolen cryptocurrency. (TechCrunch was unable to independently confirm the tipster’s claim.)
TechCrunch obtained a screenshot from a Telegram group chat in which one of the hackers claims that the gang “has the entire AT&T employee database,” allowing them to access an internal AT&T portal for employees known as OPUS.
In the screenshot, the hacker wrote that the only thing the gang was still missing was a certificate, which they described as the final piece needed to access AT&T's VPN servers.
According to the source, the gang now has access to AT&T’s internal VPN.
AT&T spokesperson Kimberly denied that the hackers had access to internal company systems. “There was no intrusion into any system for this exploit. The bad actors used an API access.”