{"id":92261,"date":"2023-04-28T00:03:42","date_gmt":"2023-04-28T05:03:42","guid":{"rendered":"https:\/\/milesfortis.com\/?p=92261"},"modified":"2023-04-27T21:28:09","modified_gmt":"2023-04-28T02:28:09","slug":"92261","status":"publish","type":"post","link":"https:\/\/milesfortis.com\/?p=92261","title":{"rendered":""},"content":{"rendered":"

Hackers Are Breaking Into ATT Email Accounts to Steal Cryptocurrency.<\/a><\/p>\n

Unknown hackers are<\/span>\u00a0breaking into the accounts of people who have AT&T email addresses, and using that access to then hack into the victim\u2019s cryptocurrency exchange\u2019s accounts and steal their crypto, TechCrunch has learned.<\/p>\n

At the beginning of the month, an anonymous source told TechCrunch that a gang of cybercriminals have found a way to hack into the email addresses of anyone who has an att.net, sbcglobal.net, bellsouth.net and other AT&T email addresses.<\/p>\n

According to the tipster, the hackers are able to do that because they have access to a part of AT&T\u2019s internal network, which allows them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use\u00a0to log into their accounts using email apps such as Thunderbird or Outlook<\/a>, but without having to use their passwords.<\/p>\n

With a target\u2019s mail key, the hackers can use an email app to log into the target\u2019s account and start resetting passwords for more lucrative services, such as cryptocurrency exchanges. At that point it\u2019s game over for the victim, as the hackers can then reset the victim\u2019s Coinbase or Gemini account password via email.<\/p>\n

<\/p>\n

The tipster provided a list of alleged victims. Two of the victims replied, confirming they have been hacked.<\/p>\n

AT&T spokesperson Jim Kimberly said that the company \u201cidentified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password.\u201d<\/p>\n

\u201cWe have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,\u201d the spokesperson said, forcing the account owners to reset their passwords.<\/p>\n

AT&T declined to say how many people have been hit in this wave of hacks. \u201cThis process wiped out any secure mail keys that had been created,\u201d the spokesperson added.<\/p>\n

One victim told TechCrunch that hackers stole $134,000 from his Coinbase account. The second victim said that \u201cit has been happening repeatedly since November 2022 \u2014 probably 10 times at this point. I notice it has been done when my Outlook client fails to \u2018connect\u2019 and I quickly login to my [AT&T] site and delete their key and create a new one.\u201d<\/p>\n

\u201cVery frustrating because it is obvious that the \u2018hackers\u2019 have direct access to the database or files containing these customer Outlook keys, and the hackers don\u2019t need to know the user\u2019s AT&T website login to access and change these outlook login keys,\u201d the victim added.<\/p>\n

Also,\u00a0several people with AT&T and other related email addresses<\/a>\u00a0said on Reddit that they have been hacked.<\/p>\n

\u201cHello, my email was compromised back in March of this year and I have done everything I can to reset password, security questions, etc but occasionally I\u2019m still getting emails that a secure mail key has been created on my account without my knowledge,\u201d one user wrote. \u201cThey would even delete the email notification so I don\u2019t see it but I recently changed to another email for profile updates so they don\u2019t have access. This sounds like someone still has access to my account but how?\u201d<\/p>\n

Another person wrote: \u201cI\u2019ve had the same issue for months and just started again, password wasn\u2019t changed but account locked out and a Mail Key keeps being created somehow.\u201d<\/p>\n

The tipster claims that the hackers can \u201creset any\u201d AT&T email account, and that they have made between $15 and $20 million in stolen crypto. (TechCrunch could not independently verify the tipster\u2019s claim.)<\/p>\n

TechCrunch has seen a screenshot apparently coming from a Telegram group chat, where one of the hackers claims that the gang \u201chave the entire AT&T employee database,\u201d which allows them to access an internal AT&T portal for employees called\u00a0OPUS<\/a>.<\/p>\n

\u201cOnly thing we are missing is a certificate, which is the last key to accessing the [AT&T] VPN servers,\u201d the hacker wrote in the Telegram channel, according to the screenshot.<\/p>\n

The tipster said that the gang now has access to AT&T\u2019s internal VPN.<\/p>\n

Kimberly, the AT&T\u2019s spokesperson, denied that the hackers had any access to internal company systems. \u201cThere was no intrusion into any system for this exploit. The bad actors used an API access.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Hackers Are Breaking Into ATT Email Accounts to Steal Cryptocurrency. Unknown hackers are\u00a0breaking into the accounts of people who have AT&T email addresses, and using that access to then hack into the victim\u2019s cryptocurrency exchange\u2019s accounts and steal their crypto, TechCrunch has learned. At the beginning of the month, an anonymous source told TechCrunch that … Continue reading “”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,87],"tags":[],"class_list":["post-92261","post","type-post","status-publish","format-standard","hentry","category-crime","category-technology"],"_links":{"self":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/92261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92261"}],"version-history":[{"count":1,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/92261\/revisions"}],"predecessor-version":[{"id":92262,"href":"https:\/\/milesfortis.com\/index.php?rest_route=\/wp\/v2\/posts\/92261\/revisions\/92262"}],"wp:attachment":[{"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/milesfortis.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}