According to various news stories, a security hole in AT&T's website allowed a hacking group called Goatse Security to gain access to 114,000 email addresses of iPad customers. The original news story and updates can be found here on the website. 

According to this story in ComputerWorld, the email addresses were downloaded after the group stumbled "... upon a program on AT&T's Web site that would send back the iPad user's e-mail address when given a unique SIM card identification number known as an ICC-ID (Integrated Circuit Card Identifier). By guessing ICC-ID numbers, the hackers were able to download 114,000 e-mail addresses..."
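How a site operator could spot this kind of identifier guessing in its request logs, as an added example that is not from the original article or from AT&T. The log format, the `/lookup` path, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format and endpoint path (not AT&T's): time, client IP, request, status.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) GET /lookup\?iccid=(?P<iccid>\d{19,20}) (?P<status>\d{3})$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def find_enumerators(lines, max_distinct=3, window=timedelta(minutes=1)):
    """Return {ip: peak count of distinct ICC-IDs in any window} for clients over the limit.

    Assumes each client's lines appear in time order.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, iccid) pairs still inside the window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a lookup request, or a malformed ICC-ID
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["iccid"]))
        while ts - q[0][0] > window:  # drop requests that fell out of the window
            q.popleft()
        distinct = len({iccid for _, iccid in q})
        if distinct > max_distinct:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), distinct)
    return peak


def _line(offset, ip, iccid, status=200):
    ts = datetime(2010, 6, 7, 10, 0, 0) + offset
    return f"{ts.strftime(TS_FMT)} {ip} GET /lookup?iccid={iccid} {status}"


# Constructed sample traffic (documentation IP ranges, made-up ICC-IDs).
SAMPLE = (
    # One device re-checking its own ID: a single distinct value.
    [_line(timedelta(seconds=20 * i), "198.51.100.7", 89 * 10**17 + 42) for i in range(3)]
    # One client walking consecutive IDs two seconds apart, with hits and misses.
    + [_line(timedelta(seconds=2 * i), "203.0.113.5", 89 * 10**17 + 1000 + i,
             200 if i % 2 else 404) for i in range(6)]
    # Four different IDs from one address, three minutes apart (e.g. a shared NAT).
    + [_line(timedelta(minutes=3 * i), "192.0.2.9", 89 * 10**17 + 7000 + 13 * i) for i in range(4)]
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Widening `window` catches slower guessing at the cost of flagging shared addresses, which the third group of sample lines illustrates.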

The Gawker story gives many more of the details for those interested.

AT&T acknowledged the security hole yesterday, after saying it had fixed it on Tuesday once the company learned of the problem on Monday. The ComputerWorld story quotes an AT&T spokesperson as saying the exploited feature has been turned off.

This story in the Wall Street Journal reports that, "Ed Amoroso, chief security officer at AT&T, said the hole grew out of an effort by the carrier to make it easier for customers to renew subscriptions."

AT&T (naturally) downplayed the damage done by the hackers, and security analysts seem divided over how material the breach was/is.

A story in the New York Times says that the email addresses "included military personnel, staff members in the Senate and the House, and people at the Justice Department, NASA and the Department of Homeland Security, said the group member. Private-sector addresses that were exposed include those of executives at The New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, the News Corporation, and HBO."

Various reports say that those who had their email exposed included White House chief of staff Rahm Emanuel, New York Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, film producer Harvey Weinstein, and Col. William Eldridge, commander of the largest operational B-1 strategic bomber group in the U.S. Air Force.

AT&T complained that, "The person or group who discovered this gap did not contact AT&T," implying that the group had some obligation to do so.

Did it?

The company also said that, "We take customer privacy very seriously..."

I wonder if the 114,000 who have had their email exposed - especially those in the White House - or Apple - really believe that very much.
