AT&T security hole exposes iPad e-mail addresses

Posted by on Jun 10, 2010 | Leave a Comment

The e-mail addresses of Apple iPad users had been exposed by a security hole said AT&T late Wednesday. AT&T is the second largest wireless service provider whispered that the problem had been fixed and it would report to customers of the violation, which also exposed their iPad identification numbers used to validate a wireless user.

In a statement the company said, “The issue has escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.”

On Monday one of its business customers informed of the security breach said AT&T. It is Apple’s exclusive partner on the iPad and iPhone. The wireless company also said the person or group that first discovered the security hole did not contact AT&T.

In April 2009, it was launched and has sold 2 million iPads but did not describe how many customers were affected, said Apple Company. But on earlier Wednesday Gawker reported the hole and said 114,000 e-mail addresses were exposed. Apple Company did not take any action to an interview request at that time.

Gawker said, “The hacker group who breached AT&T’s network obtained the e-mail addresses of top level politicians, television reporters and business executives, including White House Chief of Staff, Rahm Emanuel (check out my colleague, Michael Shear’s story on iPads in the White House inner circle).”

He also added,“The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.”

AT&T answered, “We continue to investigate and will inform all customers whose email addresses and ICC Ids may have been obtained. At this point there is no evidence that any other customer information was shared.”

Gawker reported,“The information was obtained by a hacker group calling itself Goatse Security. The group used a script on AT&T’s website, accessible to anyone on the internet, to get the data and when provided with an ICC-ID as part of an HTTP request, the script would return the associated email address.” By looking at known iPad 3G ICC IDs which is publically displayed on the Web, the Web site’s security researchers were capable to presumption a large swath of ICC IDs.

It is not clear that what will be the effect on AT&T’s relationship with its partner (Apple) by its mishap? About network congestion problems, iPhone users have complained with the exclusive partner. To strike a business deal with their provider, Verizion Wireless customers have waited worriedly for Apple.

Apple and the iPad OS are not responsible for this security hole, opposing to sensationalist headlines. The hole was located on AT&T’s databases and it is unclear if AT&T has yet to even notify Apple about the security breach. Neither company has yet to respond to this breaking story.

Leave a comment