Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts.
Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.
Crooks are targeting people who have att.net, sbcglobal.net, bellsouth.net and other AT&T email addresses. Some users with AT&T email addresses wrote on Reddit that they have been hacked, and some of them claim they had the same issue for months.
TechCrunch’s sources speculate the hackers have access to a part of AT&T’s internal network, then they exploited an API bug that allows them to take control of victims’ email addresses.
“According to the tipster, the hackers are able to do that because they have access to a part of AT&T’s internal network, which allows them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook, but without having to use their passwords.” reads the post published by TechCrunch.
Once obtained the victim’s mail key, attackers can use an email app to log into the target’s account and use the access to reset passwords for online services used by the target, including cryptocurrency exchanges. At this time it is still unclear the number of impacted users-
The sources also shared with TechCrunch a list of alleged victims and two of them confirmed they have been hacked, one of them told revealed that hackers stole $134,000 from his Coinbase account.
AT&T spokesperson Jim Kimberly told TechCrunch that the company is aware of the security breaches, she also added that they have “identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password.”Crooks broke into AT&T email accounts to empty their cryptocurrency wallets — SecOperations
Categories: Economic History
Leave a Reply