Unidentified hackers are accessing the accounts of users with AT&T email addresses, utilizing that access to get into the victims’ accounts at cryptocurrency exchanges and steal their money.
An unnamed source claimed at the start of the month that a group of hackers had discovered a means to access anyone’s email accounts using the domains att.net, sbcglobal.net, bellsouth.net, and others owned by AT&T.
The tipster claims that the attackers have access to part of AT&T’s internal network, which lets them generate mail keys for any user. A mail key is a separate login credential that AT&T email users can enter in an email client such as Thunderbird or Outlook instead of their account password, so anyone holding a valid mail key can read the mailbox without knowing the password.
With a target’s mail key, the criminals log into the victim’s mailbox through an email program and then trigger password resets for more valuable services, cryptocurrency exchanges in particular. Once they can read the reset emails, the user is out of luck: the attackers reset the target’s Coinbase or Gemini account password and take over the account.
The tipster supplied a list of purported victims. Two of them responded and confirmed they had been hacked.
One victim claimed that his Coinbase account had been hacked and that $134,000 had been taken. According to the second target, “it has happened regularly since November 2022 – perhaps 10 times at this point.”
“I immediately go into my [AT&T] site and delete their key and establish a new one when I realize that it has been done since my Outlook client is unable to ‘connect’.”
Several users with AT&T and other associated email addresses have also reported on Reddit that they were compromised.
According to the tipster’s report, the group has also recently gained access to AT&T’s internal VPN.
AT&T’s representative, Kimberly, disputed the claim that the hackers had gained access to any of the company’s internal systems: according to AT&T, the attack involved no system penetration, and the bad actors made use of API access instead.