Last month, more than 73 million sets of data of current and former AT&T customers were found on the dark web. AT&T is a telecommunications, media, and technology provider and the fourth largest telecommunication company in the world by revenue.
While AT&T’s investigation continues, AT&T revealed details about the data leak to the public. According to AT&T, the leaked data set included customer names, email addresses, phone numbers, social security numbers, dates of birth, account numbers, and passcodes.
AT&T revealed that it is contacting current and former customers to inform them about the leak of data. The company has reset passcodes already and is asking affected customers to stay vigilant and monitor credit activity.
Data breaches are common
The Identity Theft Resource Center’s report for data breaches in 2023 concluded that breaches increased by 78% in 2023. The breaches affected more than 353 million data sets, a new “all-time high for data compromises reported in the United States”.
2024 could very well top 2023, considering that AT&T’s data breach alone affected more than 73 million customer records.
Most data breaches happen on cloud-based servers. While customers cannot prevent breaches, as this is the sole responsibility of the company offering a service, they can make sure that their security is airtight
This includes selecting secure strong passwords for each account. The use of two-factor authentication, preferably using authenticator apps or hardware keys, is recommended by security experts as well.
What affected users need to do
Criminals target valuable data in breaches. Passwords and passkeys, credit card information, or social security numbers are lucrative, as they may be used for financial gain, account takeovers, or money by selling the information on the dark web.
Panic may set in when customers are informed about a data breach. It is important to stay calm in the situation and react quickly.
Here is a list of important data and how to react if it gets stolen:
- Passwords, passcodes, and passkeys – need to be changed immediately.
- Credit Card information – monitor transactions and check bank and credit card statements regularly to detect unauthorized transactions quickly.
- Email addresses, names, and other personal information – This may be used for social engineering attacks, e.g., phishing attacks that use correct personal data.
Passwords and other authorization data
One of the first steps after a breach notification is to make sure that all accounts are secure. If the attacker managed to obtain password information, it is essential to change passwords immediately.
This can be done manually, but it is not advisable for several reasons. First, because it is necessary to create a secure unique password for each account. Second, because it may also be necessary to change the password for other accounts (see password reuse below).
Password managers assist users in several ways when it comes to creating and storing passwords. They create strong and unique passwords for accounts and make the changing of passwords easier through automation.
Note: it is essential to change the password of the affected account, but also if the password was reused elsewhere, or if weak passwords are associated with the customer’s email address or username.
Password managers such as NordPass are an excellent option to avoid password reuse, as it is no longer a burden to create or remember unique secure passwords manually for each account. The password manager handles that. Users can sign in to the password manager using a password; excellent ones, like NordPass, also support biometrics for even easier access.
Unique passwords prevent attacks against multiple accounts of a customer. Attackers may try the email address and password combination on popular sites to gain access to them. This does not happen if passwords are not reused.
How to change passwords using NordPass
The NordPass user interface is intuitive. It has a search to find a specific account and options to open passwords directly. Here users find the list of all passwords. A click on the account opens its overview page. Select the AT&T account to start the password changing process for that specific account, or any other account listed. It is also possible to create new accounts, for instance, when switching to NordPass.
Options to import passwords from other password managers are provided. Users who never used a password manager before need to add accounts manually. This is a one-time process and quickly done.
The password manager highlights issues with the password right away. It informs users if the password is weak, old, or has been used elsewhere.
Changing passwords is easier if the NordPass extension is used, but it is also straightforward in the desktop and mobile apps.
The password generator is easy to use. It opens with a click and gives users full control over the length and strength of the password. Each password is rated, for example, T1cULxdkG%d31GCC91b&, is considered a strong password. Difficult to impossible to remember manually, but NordPass does all of that for you.
A click on “fill password” saves the new password to the account. Note that it is necessary to change the password on the actual website of the service, which requires signing in to the site in question.
The workflow is therefore:
- Visit the website of the service and sign-in to the account.
- Activate the option to change the password.
- Select the generate password option in NordPass to generate a secure password.
- Paste it on the website when asked to type a new password.
How to use NordPass’ breach check
NordPass includes a tool to check for email address and credit card data leaks. Data sets of many breaches leak to the public. Security companies use these to check for data breaches in safe environments.
Here is how that is done in NordPass:
- Select Data Breach Scanner in the NordPass interface.
- Wait for the scan to complete.
- NordPass informs the user if account emails, or credit card information has leaked.
A click on any of the listed services displays detailed information about the leak. It reveals when the leak happened, the email address in question, the password, and additional information, including the number of data sets that leaked.
It Is necessary to change the leaked password to protect the account against attacks. Any leaked password should be considered burned. It is necessary to change the password on the service’s website using the secure password generator.
A click on “mark as resolved” ends the process.
Note: the password manager can only check data that it knows about. The “add email” and “add credit card” buttons can be used to add the information to NordPass comfortably.
Password Health
Password Health is another security feature of NordPass. It analyzes all passwords and reveals weak, old, or resused passwords. These can then be changed to better stronger passwords with a few clicks of the mouse.
Password managers and data breaches
Top password managers like NordPass use strong encryption and support secure synchronization of user data between all devices and web browsers. This allows users to access all passwords and other stored data on all devices effortlessly and without compromising security.
Password management applications are helpful when it comes to data breaches. They allow users to quickly change passwords for accounts to protect these accounts against unauthorized access. Syncing ensures that all a user’s devices get the new password information immediately, which avoids any interruptions to work or general access to services.
Good password managers come with extra features that make life even easier and improve security at the same time.
NordPass, for example, offers the following set of features that improve security:
- Leaked data checks – this informs users if sensitive data was found in public leaks. The sooner users know about leaks, the faster they can react and secure their accounts.
- Vulnerable passwords checker – the tool checks all passwords for the following issues:
- Weak passwords – short passwords or easy to guess ones are highlighted.
- Reused passwords – if the same password is used for multiple accounts.
- Old passwords – passwords that are very old are highlighted.
- Generate secure passwords – NordPass generates secure passwords. Users can specify the length of the password and make other customizations. This is helpful, as some services have certain requirements for passwords.
What to look for in password managers
Not all password managers are created equal. Here is a checklist of what to look for when selecting a password manager:
- Compatibility with all your devices
- Use of strong encryption to protect passwords and other user data.
- Support for two-factor authentication to further protect the password database.
- Security audits by independent security experts.
- No password storage or synchronization limits.
- Secure password generation.
- Data breach notifications to react as quickly as possible to breaches.
- Support for passkeys, a new form of authentication that offers several advantages over passwords.
NordPass supports all these features and more
Verdict
Internet users cannot do anything against data breaches, but they can improve the security of their accounts and data on their end. The NordPass password manager helps users improve account security and react to breaches swiftly.
It does so through excellent audited security and integrated tools. The strong password manager creates new secure passwords effortlessly, and the data breach checker informs users about data breaches.
All in all, it is a highly recommended tool for Internet users who want to strengthen security.
