AT&T email accounts have reportedly been compromised by hackers who are using the access to steal large amounts of cryptocurrency. The security vulnerability revolves around the use of mail keys, which allow users to log in to their AT&T email accounts via clients like Outlook or Thunderbird. Attackers appear to have found a way to generate these keys without the knowledge of the email account owner, giving them access to sensitive information.
While it is not yet clear how many people have been impacted, one victim claims to have lost $134,000 from a Coinbase account associated with a compromised email address. Email addresses with att.net, sbcglobal.net, and bellsouth.net domain names have all reportedly been affected.
AT&T spokesperson Jim Kimberly confirmed that the company had “identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password.” However, there is some dispute as to how hackers were able to generate these keys. The tipster who alerted TechCrunch to the issue claims that hackers have access to an internal AT&T system. Kimberly disputes this, stating that “there was no intrusion into any system for this exploit. The bad actors used an API access.”
AT&T has updated its security controls to prevent this activity and has proactively required a password reset on some email accounts. The company has also wiped out any secure mail keys that had been created. However, it is not yet clear whether the security issue has been fully resolved.
This incident highlights the potential dangers of relying on a single email account as the access point for many online services. In this case, cryptocurrency exchanges like Coinbase and Gemini were targeted, with potentially devastating consequences for victims. It is also a reminder of the importance of maintaining strong security measures, such as using multi-factor authentication and regularly changing passwords.
It is not clear how long this security vulnerability has existed, but one victim reported ongoing issues with their mail keys since November 2022. A Reddit post from the same time period also mentions a similar issue. The full extent of the damage caused by this attack remains to be seen, but it is clear that online security is more important than ever.