Unknown hackers have found a way to break into email accounts of people with AT&T email addresses and have been using that access to hack into the victims’ cryptocurrency exchange accounts and steal their digital currency, according to an anonymous source. The cybercriminals can hack into the email addresses of anyone with att.net, sbcglobal.net, bellsouth.net, and other AT&T email addresses because they have access to part of AT&T's internal network. With a target's mail key, they can log into the target's account and start resetting passwords for more lucrative services, such as cryptocurrency exchanges. Two victims have confirmed that they have been hacked, and the tipster provided a list of alleged victims. AT&T has acknowledged the issue and said that the company has identified the unauthorized creation of secure mail keys and has updated its security controls to prevent such activity. The company has also locked some email accounts, forcing their owners to reset their passwords. AT&T declined to say how many people have been hit in this wave of hacks.
The hackers can reportedly reset any AT&T email account and the tipster claims that the gang has made between $15 and $20 million in stolen crypto. An anonymous tipster said that the gang now has access to AT&T's internal VPN. However, AT&T's spokesperson denied that the hackers had any access to internal company systems and said that "there was no intrusion into any system for this exploit. The bad actors used an API access."
Several people with AT&T and other related email addresses have reported on Reddit that they have been hacked. One victim claimed that hackers stole $134,000 from his Coinbase account, while the other victim said that the issue has been happening repeatedly since November 2022. The hackers don't need to know the user's AT&T website login to access and change their Outlook login keys. AT&T has wiped out any secure mail keys that had been created, and as a precaution, the company has forced some email accounts to reset their passwords.