Printed from http://www.electronista.com

AT&T breach compromises 114,000 iPad 3G users [U]

updated 06:15 pm EDT, Wed June 9, 2010

AT&T security hole may have shown iPad 3G data

(Updated with AT&T confirmation) An investigation today has found that a weakness in AT&T's security has exposed the identities of over 114,000 iPad 3G owners in the past few weeks. Hacker group Goatse Security claimed to Gawker to have manipulated an AT&T website-side script that would return the e-mail addresses associated with the ICC-IDs of the SIM cards in Apple's tablets. By using and guessing iPad ICC-IDs through a PHP script, as well as spoofing an iPad-like user agent, the group collected a large amount of personal information that included some well-known figures.

Among those compromised were top political officials such as House Chief of Staff Rahm Emanuel and New York City Mayor Michael Bloomberg. Some in publishing, media networks and the US military will also have been exposed.

The hole is believed to have been closed a few days ago and wouldn't lead to security exploits on the iPads themselves. However, the plug arrived only after the hackers shared the script with other groups, some of whom may have used it to scrape e-mail addresses for any other 3G-capable iPad owner on AT&T. The carrier also hasn't notified customers of the escaped data.
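Whether other parties scraped the same script is a question the server's access logs can answer: a tablet only needs the address for its own SIM, so one client asking about many ICC-IDs is the enumeration pattern, and the user agent is client-supplied and tells nothing. The following is an added example, not code from AT&T or the original article; the `/lookup` path, the `iccid` parameter, the log lines and the ICC-ID values are all constructed assumptions.

```python
import re
from collections import defaultdict

# Matches a lookup request in common log format. The path /lookup and the
# iccid parameter are hypothetical; the article does not name the endpoint.
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /lookup\?iccid=(\d{19,20}) HTTP/[\d.]+" (\d{3}) '
)

def find_enumerators(log_text, max_distinct=3):
    """Flag clients that asked about more than max_distinct different ICC-IDs.

    For each flagged client, return how many ICC-IDs it tried and which ones
    got a 200 response, i.e. the customers whose addresses were disclosed
    and who need to be notified.
    """
    tried = defaultdict(set)
    disclosed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a lookup request
        ip, iccid, status = m.groups()
        tried[ip].add(iccid)
        if status == "200":
            disclosed[ip].add(iccid)
    return {
        ip: {"tried": len(ids), "disclosed": sorted(disclosed[ip])}
        for ip, ids in tried.items() if len(ids) > max_distinct
    }

def _line(ip, n, status):
    # Constructed log line; ICC-IDs are made-up 19-digit values.
    iccid = "89" + str(n).zfill(17)
    return (f'{ip} - - [05/Jun/2010:10:00:00 +0000] '
            f'"GET /lookup?iccid={iccid} HTTP/1.1" {status} 64')

# One client walking through five ICC-IDs, two clients checking a single SIM.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", n, "200" if n % 2 else "404") for n in range(1, 6)]
    + [_line("203.0.113.20", 900, "200")] * 2
    + [_line("192.0.2.15", 901, "200")]
)

if __name__ == "__main__":
    for ip, stats in find_enumerators(SAMPLE_LOG).items():
        print(ip, stats)
```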

AT&T has been contacted by Electronista, but a spokesman said the network didn't yet have an official response.

The unintentional leak has already been treated as a symbolic loss for AT&T. With iPhone customers in key cities like San Francisco still affected by heavy 3G data congestion and many others critical of its decision to end unlimited data plans, the carrier has been under heat to mend its reputation. AT&T's very broad upgrade eligibility for the iPhone 4 has been interpreted by some as a sign that it has been anticipating an end to its iPhone exclusivity; the iPad breach risks thwarting some of its goodwill efforts.

Update: AT&T has provided a statement confirming the security breach.

AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained. At this point, there is no evidence that any other customer information was shared.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.






By Electronista Staff

Comments

  1. rbodgers

    Fresh-Faced Recruit

    Joined: Feb 2010

    +8

    This site just gets worse and worse

    "An investigation today has found..."
    - Who performed this investigation?

    "The unintentional leak has already been treated as a symbolic loss for AT&T"
    - by whom? Sources. And make them good and credible. I could care less what you and the other bloggers at this blog site think.

    "AT&T's very broad upgrade eligibility for the iPhone 4 has been interpreted by some..."
    - wow. "Some", huh? Impressive. Don't actually give examples. That would ruin the effect.

    "The iPad breach risks thwarting some of its goodwill efforts."
    - Excellent! Wild speculation! Or was there a completely uncredited source for this? This article wasn't written by an expert, which means I couldn't care less what your opinion is. You know how I know? Because no one took credit for it. And since no one took credit for it, I can't tell what their background is, how accurate they've been in the past, or make any other evaluations of these completely unsubstantiated remarks. So it clearly wasn't someone who was concerned about qualifications. But hey, you've been reading all of the other "Mac news" websites, right? That makes you an expert!

    You should work for Fox. At least they admit publicly that their content is editorial.

  1. starwarrior

    Fresh-Faced Recruit

    Joined: Mar 2006

    -2

    Someone Bought Three T-Mobile Phones

    with my data. Within five hours of turning on the iPad account with a credit card the credit card was compromised and used to buy three T-Mobile phones delivered to south Florida. It is under investigation. The T-Mobile signup site has very few safeguards if any against fraudulent charges. Their complaint staff is "Duh." Have others had unauthorized charges after turning on iPad?

  1. starwarrior

    Fresh-Faced Recruit

    Joined: Mar 2006

    -2

    Got Everything

    T-Mobile did tell me that they had everything as it is the only way to order phones. I think they got a lot more than email addresses.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    Re: This site

    Here's an idea, follow the link in the first sentence of the article to get the 'whole' story. What do you want MacNN to do, rewrite it word for word so you don't have to learn to go to another site?

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    Re: Got everything

    T-Mobile did tell me that they had everything as it is the only way to order phones. I think they got a lot more than email addresses.


    Note that the people who claimed to have gotten the email addresses may not have been the only ones to break into the site. People always think that if someone finds a problem, they're the only ones who possibly could have found it, and, on top of that, it is immediately reported to the proper folks and found on places like this.

    In fact, the hole was probably open the entire month of May and possibly before then, and any number of people may have discovered it.

    So, for all we know, there might be 20 different hackers who all grabbed information, and who knows what they did with the data.
