← All posts
AT&T176MRecords exposedSSNPhoneAccountResponse1Credit freeze2Change pwd3Monitor
7 min read

AT&T breach: 176 million records resurface on the dark web in February 2026

AT&T breach data with 176 million records and 148 million SSNs is circulating again. Check if you're affected and protect yourself now.

securitybreachesattdata-breach2026

A massive dataset containing 176 million AT&T customer records began circulating on dark web forums on February 2, 2026. The data includes up to 148 million Social Security numbers, making this one of the most dangerous breach datasets ever compiled for a single company.

If you are or have ever been an AT&T customer, you need to act now. Here is everything you need to know.

What happened

According to Malwarebytes, a structured dataset of AT&T customer information began privately circulating on February 2, 2026. The dataset reportedly contains approximately 176 million records that have been compiled, merged, and enriched over multiple breach incidents affecting AT&T over the past several years.

This is not a brand-new hack. Rather, it represents the accumulation and weaponization of AT&T customer data that has been stolen across several incidents, including the March 2024 breach that AT&T confirmed affected 73 million current and former customers, and the July 2024 incident that exposed call and text metadata for nearly all AT&T wireless customers.

What makes this February 2026 resurgence especially dangerous is the completeness of the records. Earlier leaks contained fragments of customer data. This compiled dataset reportedly links names, addresses, phone numbers, emails, SSNs, and dates of birth into single, searchable records per individual. When an attacker can look up everything about a person in one place, the risk escalates from nuisance spam to full-blown identity theft.

What data was exposed

The 176-million-record dataset reportedly includes:

  • Social Security numbers - Up to 148 million full or partial SSNs
  • Full names and street addresses - More than 133 million records
  • Phone numbers - Over 132 million records
  • Email addresses - More than 131 million records
  • Dates of birth - Approximately 75 million records
  • Account identifiers - AT&T account numbers and service details

The combination of SSN, full name, address, date of birth, and contact information in a single dataset makes this an identity theft goldmine. This is the exact set of information needed to open credit accounts, file fraudulent tax returns, and take over existing financial accounts.

Am I affected?

You may be in this dataset if:

  • You are a current AT&T wireless or internet customer
  • You were a former AT&T customer at any point in the last decade
  • You used AT&T prepaid or Cricket Wireless services (an AT&T subsidiary)
  • Your data was shared with AT&T through a business or enterprise plan

Given that the dataset contains 176 million records and the US population is approximately 340 million, roughly one in two Americans could be affected.

How to check:

  1. Visit haveibeenpwned.com and enter the email address associated with your AT&T account
  2. Check your credit reports at annualcreditreport.com for any accounts you do not recognize
  3. If you received a breach notification from AT&T in 2024, assume your data is in this dataset

What to do right now

Time is critical. Criminals with access to this data can act quickly. Follow these steps in order.

1. Freeze your credit immediately

Since SSNs are in this dataset, credit freezes are your most important defense against identity theft. A credit freeze prevents anyone from opening new accounts in your name.

Contact all three credit bureaus:

Credit freezes are free and do not affect your credit score. You can temporarily lift the freeze when you need to apply for credit.

2. Change your passwords

Change the passwords for:

  • Your AT&T account (att.com or myAT&T app)
  • Your primary email account (the one linked to AT&T)
  • Any financial accounts (banking, credit cards, investment accounts)
  • Any account where you reused the same password as AT&T

If you have dozens of accounts to update, this is where Dosel saves you hours. Instead of manually navigating each website's password change flow, the AI agent handles it for you while keeping everything local on your machine.

3. Enable multi-factor authentication

Turn on two-factor authentication on every account that supports it. Prioritize:

  • Email accounts
  • Banking and financial services
  • Social media accounts
  • AT&T account itself

Important: Use an authenticator app (like Google Authenticator or Authy) instead of SMS-based codes. Since phone numbers are in this dataset, attackers may attempt SIM swap attacks to intercept your text messages.

4. Add a PIN to your mobile account

Call AT&T and add an extra passcode to your account. This makes it harder for an attacker to impersonate you and request a SIM swap or account changes. AT&T's fraud department can be reached at 1-800-331-0500.

You should also contact your carrier (whether AT&T or another provider) and ask about:

  • Port freeze or number lock - Prevents your phone number from being transferred to another carrier without in-person verification
  • SIM swap protection - Adds additional verification requirements before any SIM changes are processed
  • Account notifications - Alerts you by email whenever changes are made to your account

These protections are especially important because the breach dataset contains the exact information, including name, address, SSN, and phone number, that criminals use to impersonate you when calling your carrier.

5. Monitor your accounts and file protective reports

For the next 12 months:

  • Review bank and credit card statements weekly for unauthorized transactions
  • Check your credit reports monthly (you are entitled to free weekly reports through annualcreditreport.com)
  • Set up transaction alerts on all financial accounts
  • Consider signing up for an identity monitoring service
  • File an identity theft report with the FTC at identitytheft.gov to create a paper trail
  • Place a fraud alert with one of the three credit bureaus (it will automatically propagate to the other two)

If you notice any suspicious activity, such as accounts you did not open, credit inquiries you do not recognize, or unexpected changes to existing accounts, report them immediately to both the financial institution and the FTC.

Why breaches never go away

You might be thinking: "The AT&T breach happened in 2024. Why should I care in 2026?"

Breach data does not expire. Once your personal information is stolen, it enters a permanent criminal ecosystem where it is bought, sold, merged, and repackaged indefinitely. The February 2026 dataset is proof of this. Data from multiple AT&T incidents spanning years has been compiled into a single, more dangerous resource.

This is how breach data evolves:

  1. Initial theft - Raw data is stolen from a company
  2. Underground sale - Data is sold to criminal groups on dark web forums
  3. Enrichment - Criminals merge data from multiple breaches, adding SSNs from one source, addresses from another, phone numbers from a third
  4. Weaponization - The enriched dataset is used for targeted phishing, identity theft, and account takeover campaigns
  5. Resurfacing - The data re-enters circulation as new criminal groups acquire and redistribute it

Each time this cycle repeats, the data becomes more complete and more dangerous. The only defense is to assume your data has been exposed and proactively change your credentials before attackers exploit them.

Change your passwords faster with AI

After a breach affecting 176 million people, password rotation is not optional. But manually changing passwords across dozens of accounts takes hours, which is why most people never do it.

Dosel uses a local AI agent to automate password changes. Here is how it works:

  1. Import your accounts from your existing password manager (1Password, LastPass, Google Password Manager, or CSV)
  2. Select the accounts you want to rotate
  3. The AI agent navigates each website's password change flow automatically
  4. Export your new credentials back to your password manager

Everything runs locally on your Mac. No passwords are sent to any server. Zero-knowledge architecture means your credentials never leave your machine.

Download Dosel for free and change your at-risk passwords before attackers use them. The free tier handles 5 password changes per month, enough to cover your most critical accounts today.

If you have a large number of accounts to rotate, our Pro plan removes all limits for $2.99/month.

Sources

Need help rotating your passwords after this breach? Download Dosel or reach out at hello@dosel.app.

Protect your passwords with AI-powered automation.

Download Dosel