TechCrunch has learned that unknown hackers are breaking into the accounts of people who have AT&T email addresses and using that access to then hack into the victims’ cryptocurrency exchange accounts and steal their crypto.
Earlier this month, an anonymous source told TechCrunch that a gang of cybercriminals has found a way to hack the email addresses of anyone with an att.net, sbcglobal.net, bellsouth.net or other AT&T email address.
According to the whistleblower, the hackers are able to do this because they have access to part of AT&T’s internal network, which allows them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts from email applications such as Thunderbird or Outlook without having to use their passwords.
With a target’s mail key, hackers can use an email application to log into the target’s account and begin resetting passwords for more lucrative services such as cryptocurrency exchanges. At this point, it’s game over for the victim, as hackers can reset the victim’s Coinbase or Gemini account password via email.
The informant provided a list of alleged victims. Two of the victims responded confirming that they had been hacked.
AT&T spokesman Jim Kimberly said the company “identified the unauthorized creation of secure email keys, which can be used in some cases to access an email account without requiring a password.”
“We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” the spokesperson said.
AT&T declined to say how many people have been affected in this hacking wave. But the company, “as a precaution,” has blocked some email accounts, forcing their owners to reset their passwords.
“This process removed the secure mail keys that had been created,” the spokesperson added.
One victim told TechCrunch that hackers stole $134,000 from his Coinbase account. The second victim said, “It’s been happening repeatedly since November 2022, probably 10 times at this point. I notice it’s done when my Outlook client can’t ‘connect’ and I quickly log into my [AT&T] site and delete your key and create a new one.”
“Very frustrating because it’s obvious that ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the AT&T website login of the user to access and change these Outlook login keys,” added the victim.
Additionally, several people with AT&T and other related email addresses wrote on Reddit that they had been hacked.
“Hi, my email was compromised in March of this year and I’ve done everything I can to reset my password, security questions, etc., but every now and then I still get emails saying it’s been compromised created a secure email key on my account without my knowledge,” one user wrote. “They would even delete the email notification so I don’t see it, but I recently switched to another email to update the profile so they don’t have access to it. It looks like someone still has access to my account, but how?”
Another person wrote: “I’ve had the same problem for months and just started again, the password didn’t change, but the account gets locked and keeps creating a mail key somehow.”
The whistleblower claims the hackers can “reset any” AT&T email account and have made off with $15-20 million in stolen crypto. (TechCrunch was unable to independently verify the whistleblower’s claim.)
TechCrunch has seen a screenshot, apparently from a Telegram group chat, in which one of the hackers claims the hacker “has AT&T’s entire employee database,” which allows them to access an internal AT&T portal for employees called OPUS.
“The only thing we need is a certificate, which is the last key to access it [AT&T] VPN servers,” the hacker wrote on the Telegram channel, according to the screenshot.
The insider said the gang now has access to AT&T’s internal VPN.
Kimberly, the AT&T spokesperson, denied that the hackers had access to the company’s internal systems. “There was no system intrusion due to this exploit. The bad actors used an API access.”
Do you have more information about these hacks against AT&T email users? Or other similar hacks? We would love to hear from you. You can reach Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email at [email protected]. You can also contact TechCrunch via SecureDrop.
The recent rise in cryptocurrency has made it a hot target for online thieves. Recently, it has been reported that hackers have been breaking into AT&T email accounts in order to steal cryptocurrency from unsuspecting users. Thankfully, Ikaroa, a full-stack tech company, can help protect your digital assets and secure your online accounts.
Ikaroa specializes in providing comprehensive cyber-security solutions for businesses and individuals alike. This suite of services includes secure cloud storage and data management, anti-virus and anti-malware protection, and the latest in cyber-security education. Their technical teams are fully committed to creating reliable, secure, and safe online experiences for everyone.
Ikaroa is also a leader in proactive cyber-security measures. Their secure systems can detect and prevent malicious activity, giving users the security they need to protect their currency. This real-time analysis and response can stop hackers before they are able to access and steal your cryptocurrency.
Email security is another key feature of Ikaroa’s services. The company offers encryption for emails, ensuring that only those who have the correct credentials can access the emails in question. This feature can prevent hackers from breaking into AT&T email accounts and stealing cryptocurrencies.
Ikaroa’s ultimate goal is to prevent criminals from taking advantage of vulnerable user accounts. Their unique secure system means that they can be one step ahead of the criminals, providing users with secure and reliable protection against cyber-attacks. With Ikaroa, your cryptocurrency is secure and safe.