- Cybercriminals are exploiting an API issue to access AT&T email addresses of victims.
- The company has recognized unauthorized creation of secure mail keys.
- AT&T has so far declined to disclose the total number of people affected.
Unknown hackers are breaking into the accounts of individuals who own AT&T email addresses. Their purpose is to take over the victims' cryptocurrency exchange accounts and steal their crypto.
At the beginning of April, an anonymous source shared that a group of cybercriminals had found a way to break into the email accounts of people with att.net, bellsouth.net, sbcglobal.net and other AT&T email addresses.
The source added that the hackers have access to a certain part of AT&T's internal network, which enables them to create mail keys for any user. Mail keys are dedicated credentials that AT&T email users can use to log into their account from email applications such as Outlook or Thunderbird, without using their account password.
With a target's mail key, hackers can use an email app to log into that target's account and then reset the passwords of high-value services such as crypto exchanges. Once that is done, the target loses control, since the hackers reset the password of the target's Gemini or Coinbase account via email.
The source even gave a list of alleged victims with two victims confirming being hacked.
Jim Kimberly, AT&T spokesperson, said that the company found the unlawful creation of secure mail keys, which can be used in certain cases to access an email account with a password.
The spokesperson added that the company has updated its security controls to prevent the activity. As a precaution, a password reset was also required on certain email accounts; this process destroyed the secure mail keys that had been created.
Account owners have been advised to reset their passwords.
According to one victim, hackers stole $134,000 from his Coinbase account. Another victim said the incident has happened over 10 times since November 2022.
The victim said that the hackers have direct access to the files or database containing customers' Outlook keys, which is why they do not need the target's AT&T website login to access and change the Outlook login keys.
Many people with AT&T and related email addresses reported on Reddit that they had been hacked.
One user wrote that his email was compromised in March of this year and that, despite resetting his password and security questions, he still receives emails about a mail key being created on his account without his knowledge.
Another person reported facing the same issue for months: although the password was not changed, the account kept getting locked out and a mail key kept being created.
The source claims that the hackers can reset any AT&T email account and have already made between $15 and $20 million in stolen crypto; however, this has not been confirmed.
According to a screenshot of a Telegram group chat, one hacker claims that the group has the complete AT&T employee database, which enables them to get their hands on OPUS, an internal AT&T portal for employees.
The hacker also wrote that they are missing only a certificate, the last remaining key needed to access the [AT&T] VPN servers.
The source added that the hackers have access to AT&T's internal VPN. However, Kimberly said there is no truth to the claim that hackers had access to internal systems: there was no entry into any system, and the hackers used API access.