It recently came out that around 2,000,000 AT&T phones were unlocked by hackers that bribed AT&T employees. Muhammad Fahd and co-conspirators allegedly bribed a handful of AT&T employees to make the unlocks possible.
As I understand it, around 2012 lists of IMEI numbers were provided to bribed employees so that devices could be fraudulently unlocked. Eventually, the crimes became more involved. Bribed employees installed malware on AT&T systems and fraudulent wireless access points in AT&T facilities.
It’s a crazy story. Several years ago, I wondered how so many third-party services managed to offer device unlocking. I suppose this story is part of the explanation.
For more details, check out Ars Technica’s article.