bit-tech.net

AT&T's iPad customers' e-mails leaked

iPad owners on AT&T's network could find more spam in their inbox today, following the leaking of their e-mail addresses.

The e-mail addresses of more than 114,000 iPad owners in the US were leaked following a brute-force attack on carrier AT&T's website this week.

The details, which were released in full to Gawker, included the ICC-ID of the microSIM within 3G-enabled iPad units and the e-mail address of its registered user - although no other details, such as address or payment information, are thought to have been included.

Those affected by the breach are thought to include members of the US government and military, along with entertainment industry moguls whose private e-mail addresses were exposed, including the CEO of the New York Times, the president of News Corp., and the founder of Bloomberg. Perhaps the most interesting entry on the list of known iPad owners, however, is William Eldredge - commander of the largest B-1 strategic bomber group currently active in the US.

The attack - which involved sending random ICC-ID codes to a script on AT&T's website, which has since been disabled, and receiving e-mail addresses back if they proved to be valid - was carried out by the infamous Goatse Security group. While it is not thought that Goatse Security profited from the attack in any way, AT&T is claiming that it was alerted to the breach by a "business customer," rather than the security group that originally discovered the flaw.

However, the group does admit to having shared the PHP script which enabled the brute-force attack with unnamed third parties - so it's possible that far more than 114,000 e-mail addresses have been exposed, and the information is more than likely to make its way into the hands of spammers and other ne'er-do-wells sooner rather than later.
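The attack described above leaves a recognisable pattern in server logs: one client asking about many different ICC-IDs, most of which turn out to be invalid. The following Python is an added example, not code from AT&T, Goatse Security or this article; the log format, the `/lookup` path, the status codes, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed, not AT&T's): "<client-ip> <http-status> <request-path>"
LOG_LINE = re.compile(
    r"^(?P<client>\S+) (?P<status>\d{3}) \S*[?&]iccid=(?P<iccid>\d{19,20})(?:&|$)"
)


def find_enumerators(lines, max_distinct_ids=3, min_miss_ratio=0.5):
    """Return {client: (distinct_ids, miss_ratio)} for clients that appear to be
    guessing ICC-IDs rather than looking up their own.

    Assumption: a legitimate device only ever asks about its own ICC-ID, so
    many distinct IDs from one client, mostly misses, indicates enumeration.
    """
    ids = defaultdict(set)
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not a lookup request, ignore
        client = m["client"]
        ids[client].add(m["iccid"])
        total[client] += 1
        if m["status"] != "200":  # assumed: 200 means an e-mail address was returned
            misses[client] += 1
    flagged = {}
    for client, seen in ids.items():
        ratio = misses[client] / total[client]
        if len(seen) > max_distinct_ids and ratio >= min_miss_ratio:
            flagged[client] = (len(seen), round(ratio, 2))
    return flagged


# Constructed sample: one device re-checking its own ID, one client trying 20 IDs.
SAMPLE_LOG = [
    "198.51.100.7 200 /lookup?iccid=1000000000000099999",
    "198.51.100.7 200 /lookup?iccid=1000000000000099999",
] + [
    f"203.0.113.9 {'200' if n % 4 == 0 else '404'} /lookup?iccid=10000000000000{n:05d}"
    for n in range(20)
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

A per-client count like this only catches a single noisy source; it is a detection aid for a lookup that answers unauthenticated requests, not a substitute for requiring authentication on it.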

AT&T has apologised for the security breach, and promised to continue to investigate the issue and "inform all customers who's e-mail addresses and ICC IDs may have been obtained" as soon as its investigations are complete.

Are you surprised that such a gaping security hole existed on AT&T's website, or just pleased that it only appears to have been e-mail addresses - and not bank details or passwords - that were leaked? Share your thoughts over in the forums.

7 Comments

Guinevere 10th June 2010, 10:31
Headline says "e-mails leaked". But article says only the email addresses. Which is it?
mclean007 10th June 2010, 10:33
So AT&T had a script on its site that would return the e-mail address associated with a given ICC-ID to anyone who requested it, without any form of authentication? Sloppy.
Gareth Halfacree 10th June 2010, 10:48
Quote:
Originally Posted by Guinevere
Headline says "e-mails leaked". But article says only the email addresses. Which is it?
Addresses. In this case, "e-mails" is short for "e-mail addresses" - as in "can I have your e-mail?"
Jim 10th June 2010, 11:23
They could've at least spelled whose correctly.
lacuna 10th June 2010, 15:21
'Goatse Security'

Reading that is like losing the game but a million times worse. Those images hadn't darkened my mind for months.
supermonkey 10th June 2010, 17:55
Quote:
Originally Posted by The Article
Perhaps the most interesting entry on the list of known iPad owners, however, is William Eldredge - commander of the largest B-1 strategic bomber group currently active in the US.
I'm curious as to why William Eldredge is any more interesting than any of the other names on the list, particularly the heads of major news and media companies. Until I read his name in this article, I never knew he existed.

I also thought the title was a bit misleading. I initially read it to mean the actual e-mails were leaked.
Nedsbeds 11th June 2010, 07:05
Quote:
Are you surprised that such a gaping security hole existed

Seems quite apt what with it being goatse...