AT&T Data Breach Exposes Details Of 73 Million Accounts To The Dark Web

AT&T's corporate headquarters on a sunny day.
AT&T is in the process of alerting millions of current and former account holders of an alarming data leak that  exposed sensitive details to the dark web, including social security numbers. An initial investigation suggests that the leaked data set is from 2019 or earlier, and contains "personal information" belonging to 7.6 million current and 65.4 million former account holders. The disclosure comes barely a month after issued an apology and $5 bill credit for a massive outage.

"AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web. While AT&T has made this determination, it is not yet known whether the data in those fields originated from AT&T or one of its vendors," AT&T states in the FAQ section of a support page outlining the data breach.

This also impacts DirectTV account holders, as AT&T outlines in a separate email that I received (as a DirecTV customer). That's because AT&T acquired DirecTV in 2014 for $48.5 billion. Additionally, it sounds as though the breach is not limited to cell phone and DirecTV subscribers, but affects any kind of AT&T account—the same email specifically mentions U-verse, formerly a DirecTV brand of IPTV service which has since been renamed to AT&T Internet.

Hacker wearing a hoodie with his face concealed, using a laptop. Jumbled numbers appear on the wall in the background.

According to AT&T, the stolen and subsequently leaked data that's on the dark web does not contain personal financial information or call histories. However, in addition to social security numbers, it may also contain full names, email addresses, mailing addresses, phone numbers, dates of birth, account numbers, and passcodes. The extent of the exposed data varies by customers.

You should receive an email if your account is affected. For those accounts, AT&T took the liberty of resetting passcodes. You can change it by following these steps...
  • Navigate to myAT&T Profile and sign into your account (if prompted). If you have extra security enabled and are unable to log in, select Get a new passcode.
  • Scroll to My linked accounts
  • Select Edit for the passcode
  • Follow the prompts
"In addition to resetting your AT&T passcode, we encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus—Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via," AT&T says.

While unfortunate, this AT&T incident serves as a good reminder to hone your security habits. That includes using different passwords for different sites, and also different passcodes. Passcodes are typically four-digit numbers. If, for example, you used the same passcode for AT&T as your banking PIN, you should considering changing both and making them different from one another.