Get the new iPhone 15, iPhone 15 Plus, iPhone 15 Pro & iPhone 15 Pro Max from AT&T Now!
Need to update email settings?
invisibleman22015's profile

New Member

 • 

32 Messages

Monday, November 14th, 2022 10:51 PM

Secure Mail Key Added Without My Permission

For the 2nd time now a secure mail key has been added to my AT&T email account without me initiating or requesting this to happen. I have a screencap of it but I cannot reach anyone at AT&T (I don't pay for any services - this is a free email account). Unfortunately I do still have a couple of legacy accounts attached to my @att.net email address and it will take me some time to change them over.

Can someone tell me how this is possible/how it was accomplished and whether I should be concerned about potential account compromise? I changed my login password after the last time but that doesn't seem to have helped.

Accepted Solution

Official Solution

Employee

 • 

383 Messages

6 months ago

Hello Community,

We appreciate your patience and thorough responses and comments around this issue.  Thanks to your feedback, and the examples you provided, we were able to identify a new attempt by bad actors to try and get access to some customer's email accounts.  We do our best to put in security measures to prevent these issues from happening, and that's why we have recently been promoting 2-factor authentication.

In the coming days you may be prompted to reset your password as we work to resolve these issues and prevent future attacks.  We know it's frustrating, and appreciate you all working with us to find a solution.

Thanks

Tim, AT&T Customer Specialist

New Member

 • 

32 Messages

11 months ago

For everyone else who finds this thread later - AT&T isn't interested in assisting with, nor properly securing, free email accounts. I guess I can't *totally* blame them but it would be nice if they cared a bit more about identity theft and such. In any case you should know you'll have no recourse and need to migrate any sensitive accounts away from this domain. I guess I have another spam-only email address now!

Quote from the DM reply:

"I reached out to the email support team, and they were not able to assist at this time because this is a free email account. I recommend that you continue to delete the secure mail key from your account."

Good luck to anybody who doesn't notice that a secure mail key got added by, presumably, a bad actor who's now able to send and receive mail as them. Hope you stay alert and on the ball (and know how to quickly delete those keys)!

For AT&T: this kinda (Edited per community guidelines) and I think you probably know that.

(edited)

New Member

 • 

30 Messages

11 months ago

Someone has been doing this to me for the last year, you're not alone.  I had to move everything from my account to a different provider.  It's incredibly annoying.  Changing password does nothing to stop it from happening.  My email account of 15+ years is now useless and unsecure.  

New Member

 • 

11 Messages

10 months ago

Same thing just happened to me.  To borrow an old horror movie phrase, I suspect the problem is "the caller is in the house".  I imagine the only way this can happen is an att employee or subcontractor.  My problem started 2 days after a support call regarding a billing issue.  Coincidence - maybe, maybe not.  Why no 2FA??

New Member

 • 

11 Messages

10 months ago

Also why change the security questions if it is not an inside job??

New Member

 • 

11 Messages

10 months ago

The NSA would have a hard time with my password.  Ditto security questions.  INSIDE JOB

New Member

 • 

30 Messages

10 months ago

Happened again today.  Had to reset passsword to get into my own account again, (I just changed it yesterday).  And delete the mail key.  I'm about to just shut down this whole account since I moved everyting to a different provider already.  Just (Edited per community guidelines), I've had this email for so long.  

(edited)

Tutor

 • 

78 Messages

10 months ago

This just happened to me as well (today).  I looked back and realized it also happened on October 21, 2022 as well.  It looks like AT&T has a major security breach. Since invisibleman reports that AT&T was unwilling to help, is there any advice any one has beyond deleting the unauthorized mail keys? 

  • Should we update all our legit secure mail keys?
  • Is there a way to require 2 factor authorization for creating new secure mail keys?
  • Etc.

New Member

 • 

13 Messages

10 months ago

Chiming in.  Same happened to me back in Sept '22.  Didn't notice for about 2/3 hours, and lo and behold they were also resetting my Microsoft account since the recovery email was my att.net one.  Reclaimed my accounts before any purchases/changes were made, reset my att.net email pw to something nobody could ever guess.

Fast forward to today, 11/28/22, and I see a secure mail key was added mysteriously again.  Deleted.

Called At&t and the agent stated no interactions took place between Sept and today.  Mysterious, indeed!  They also called me on another line in order to authorize a reset of my 4 digit passcode and security question, both of which I don't remember ever setting up.

Will just monitor I suppose, but ideally I'm assuming it's best to get off of att.net free email in favor of something more secure.  Major hassle/interruption since I have had this account for over a decade as well.

Fun stuff.

Tutor

 • 

78 Messages

10 months ago

I was able to quickly reach Matthew at AT&T.  He checked my account and said there weren't any unauthorized logins or other activities on my account in the last 30 days.  I'm not sure how he could know this, but I acknowledge that AT&T might have checked the systems I logged in from and found them all to be my usual devices.

I have a Microsoft account and a Google account as well.  Both let me see recent login activity; that makes me feel much more secure.

Regardless, I ended up deleting ALL my secure mail keys & re-doing them.  Also changed my account password and security questions.  I looked around for other actions to take, but could not find any other options.

Not finding what you're looking for?