AT&T Accounts Hacked...
According to TechCrunch, hackers have been gaining unauthorized access to email accounts provided by AT&T, and using this access to steal significant amounts of cryptocurrency. Although it is uncertain how many people have been affected, one individual has reported a loss of $134,000 from a Coinbase account associated with a compromised email address. Email addresses using att.net, sbcglobal.net, and bellsouth.net domain names have been impacted.
The security vulnerability is related to mail keys, which are intended to enable users to log into their AT&T email accounts via clients like Outlook or Thunderbird. Somehow, attackers have found a way to generate these keys without the owner's knowledge, which they then use to request password resets from cryptocurrency exchanges like Coinbase or Gemini, and possibly other online accounts linked to the email address.
An AT&T spokesperson confirmed that the company had identified the unauthorized creation of secure mail keys, which can provide access to an email account without requiring a password. The tipster who alerted TechCrunch to the issue claimed that hackers could create these mail keys because they have access to an internal AT&T system. However, AT&T disputes this and says the bad actors used API access.
AT&T has updated its security controls to prevent this activity and has proactively required password resets on some email accounts, which wipes out any secure mail keys that have been generated. It is unclear how long the problem has existed, but some victims have been experiencing ongoing issues with their mail keys since at least November last year.
This incident highlights how an email account can be a single point of failure for a user's online activities, since access to the account can lead to access to all connected services. In this case, the services include cryptocurrency, making the potential losses even greater.