A major AT&T data leak posted to the dark web included passcodes, Social Security numbers

  • AT&T reset passcodes after a massive customer-data leak surfaced on the dark web.

  • The company said the leak impacted 7.6 million current and 65 million former account holders.

  • The data included names, email addresses, Social Security numbers, and other personal information.

AT&T is reaching out to millions of customers after their personal information — including Social Security numbers — surfaced on the dark web.

AT&T reset passwords on millions of customer accounts after TechCrunch notified the company on Monday that a massive customer-data leak posted to the dark web included passcodes, the outlet reported.

The massive data dump, which surfaced this month, appears to be user information from 2019 or earlier, the company said in a statement. AT&T said it's "launched a robust investigation supported by internal and external cybersecurity experts" after learning of the breach and found no evidence of "unauthorized access" that could have caused the leak.

"Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders," AT&T said.

The leak contains encrypted passcodes for millions of user accounts, which a security researcher who analyzed the data said are easy to decipher, TechCrunch reported. AT&T said Social Security numbers were also included in the leak. The company is contacting impacted customers and offering to cover credit monitoring "where applicable," it said.

In a safety notice on its customer-support page, AT&T said that the leaked data varies by account but may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes.

AT&T recommended that affected customers reset their passwords and set up free fraud alerts with the nation's three credit bureaus: Equifax, Experian, and TransUnion.

News of this data leak follows a nationwide cellular-service outage for millions of AT&T customers that lasted nearly 12 hours in February. AT&T said that a software update caused the outage, not a cyberattack.

The FBI and Department of Homeland Security are investigating the source of the outage, John Kirby, a White House spokesperson, said in February. The company issued a $5 credit for customers who lost service during the outage.

Read the original article on Business Insider