AT&T Website Security Hole Allows iPad User Email Addresses To Be Hacked

AT&T Says It Takes Customer Privacy Seriously


According to various news stories, a security hole in AT&T's website allowed a hacking group called Goatse Security to gain access to 114,000 email addresses of iPad customers. The original news story and updates can be found here on the website. 

According to this story in ComputerWorld, the email addresses were downloaded after the group stumbled "... upon a program on AT&T's Web site that would send back the iPad user's e-mail address when given a unique SIM card identification number known as an ICC-ID (Integrated Circuit Card Identifier). By guessing ICC-ID numbers, the hackers were able to download 114,000 e-mail addresses..."
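From the defender's side, a lookup that answers to a guessable identifier shows up in access logs as one client requesting many distinct, closely spaced ICC-IDs. The sketch below is an added example, not code from AT&T or from any of the stories cited; the log format, the `/lookup` path, the `iccid` parameter name and the thresholds are assumptions, and every log line is constructed.

```python
import re
from collections import defaultdict

# Hypothetical log format and endpoint: the path /lookup and the parameter
# name iccid are assumptions, not AT&T's real URL.
LINE_RE = re.compile(
    r'^(\S+) \[[^\]]+\] "GET /lookup\?iccid=(\d{19,20}) HTTP/[\d.]+" (\d{3})$')

def _line(ip, n, iccid, status=200):
    return (f'{ip} [01/Jan/2024:10:00:{n:02d} +0000] '
            f'"GET /lookup?iccid={iccid} HTTP/1.1" {status}')

PREFIX = "89" + "0" * 12  # constructed 14-digit prefix, not a real range
# Constructed sample traffic (documentation IP ranges, made-up identifiers).
SAMPLE_LOG = "\n".join(
    # one client walking closely spaced identifiers, some of them misses
    [_line("198.51.100.7", i, f"{PREFIX}{10000 + 7 * i}",
           404 if i % 3 == 0 else 200) for i in range(12)]
    # a subscriber reloading the page for a single device
    + [_line("203.0.113.20", i, f"{PREFIX}55512") for i in range(3)]
    # a shared office address: several devices, unrelated identifiers
    + [_line("192.0.2.44", i, f"{PREFIX}{20000 + 1000 * i}") for i in range(6)])

def find_enumerators(log_text, min_distinct=5, max_gap=50, min_near=0.8):
    """Flag clients that query many distinct, numerically adjacent ICC-IDs."""
    ids, misses = defaultdict(set), defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ignore other endpoints and malformed entries
        client, iccid, status = m.group(1), int(m.group(2)), m.group(3)
        ids[client].add(iccid)
        misses[client] += status == "404"
    flagged = {}
    for client, seen in ids.items():
        if len(seen) < min_distinct:
            continue  # a real subscriber looks up one or two devices
        ordered = sorted(seen)
        # share of neighbouring identifiers that sit close together
        near = sum(b - a <= max_gap for a, b in zip(ordered, ordered[1:]))
        if near / (len(ordered) - 1) >= min_near:
            flagged[client] = {"distinct": len(seen), "misses": misses[client]}
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Detection of this kind only shortens the exposure; the underlying fix is for the lookup to require an authenticated session tied to the account rather than trusting the identifier alone.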

The Gawker story gives many more of the details for those interested.

AT&T acknowledged the security hole yesterday, after saying it had fixed it on Tuesday once the company learned of the problem on Monday. The ComputerWorld story quotes an AT&T spokesperson as saying the exploited feature has been turned off.

This story in the Wall Street Journal reports that, "Ed Amoroso, chief security officer at AT&T, said the hole grew out of an effort by the carrier to make it easier for customers to renew subscriptions."

AT&T (naturally) downplayed the damage done by the hackers, and security analysts seem divided over how material the breach was/is.

A story in the New York Times says that the email addresses "included military personnel, staff members in the Senate and the House, and people at the Justice Department, NASA and the Department of Homeland Security, said the group member. Private-sector addresses that were exposed include those of executives at The New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, the News Corporation, and HBO."

Various reports say that those who had their email exposed included White House chief of staff Rahm Emanuel, New York Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, film producer Harvey Weinstein, and Col. William Eldridge, commander of the largest operational B-1 strategic bomber group in the U.S. Air Force.

AT&T complained that, "The person or group who discovered this gap did not contact AT&T," implying that the group had some obligation to do so.

Did it?

The company also said that, "We take customer privacy very seriously..."

I wonder if the 114,000 who have had their email exposed - especially those in the White House - or Apple - really believe that very much.
