Client Login
 Quick Contact
AT&T Leak Exposes 114,000 iPad Customer E-mails
Category : General 10 Jun 2010 10:41 AM | Industry News
The data was downloaded by a hacking group known as Goatse Security, which obtained the information after stumbling upon a program on AT&T’s Web site that would send back the iPad user’s e-mail address when given a unique SIM card identification number known as an ICC-ID (Integrated Circuit Card Identifier).
The hacking group, Goatse Security, found that a program on AT&T’s Web site, when given an iPad’s ID number, would return the owner’s e-mail address. It used a script that could guess IDs and collect the associated e-mail addresses. The group eventually notified AT&T of the breach, and the security hole was closed.
AT&T said that it was tipped off about the security flaw by a "business customer," and not the group that discovered and exploited the flaw. In a statement, the company said, "AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses."
"We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained," AT&T said in its statement. "We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
Earlier this year, Goatse Security exploited flaws in Firefox and Safari that dealth with problematic XPS codes.