AT&T Apologizes to iPad Owners for Data Leak

AT&T apologized to iPad 3G owners on Sunday for a security flaw that hackers exploited to obtain their microSIM card ID numbers, names and email addresses. The Web page the hackers used to collect information from over 114,000 accounts has since been changed to block anyone else from taking advantage of the flaw.

AT&T sent iPad 3G owners an email on Sunday, according to CNET News, apologizing for the incident. “Unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service,” Dorothy Attwood, the company’s chief privacy officer, said in the email.

A group calling itself Goatse Security used a PHP script to generate random microSIM card numbers and then feed them to an AT&T iPad account login page. When the script entered an actual iPad owner’s SIM number, the page returned their name and email address.
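The request pattern described above (one client submitting many different guessed IDs, only a few of which match an account) can be spotted in server logs. The following is an added example, not part of the original article and not AT&T's code; the log format, the `/lookup?sim=` path, the status-code convention (200 for a match, 404 for none) and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log line format: client_ip "GET /lookup?sim=<id>" status
LINE_RE = re.compile(r'^(\S+) "GET /lookup\?sim=(\d+)" (\d{3})$')

def find_enumerators(lines, min_distinct=20, max_hit_ratio=0.2):
    """Return {client: (distinct_ids, hit_ratio)} for clients whose lookups
    look like identifier guessing: many distinct IDs, few of them valid."""
    seen = defaultdict(dict)          # client -> {sim_id: matched?}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # skip lines in other formats
        client, sim_id, status = m.groups()
        # An ID counts as a hit if any request for it returned 200.
        seen[client][sim_id] = seen[client].get(sim_id, False) or status == "200"
    flagged = {}
    for client, ids in seen.items():
        hit_ratio = sum(ids.values()) / len(ids)
        if len(ids) >= min_distinct and hit_ratio <= max_hit_ratio:
            flagged[client] = (len(ids), round(hit_ratio, 3))
    return flagged

def sample_log():
    """Constructed log: one guessing client, two ordinary ones."""
    lines = []
    for i in range(30):               # 203.0.113.9 tries 30 IDs, 2 exist
        status = 200 if i in (11, 27) else 404
        lines.append(f'203.0.113.9 "GET /lookup?sim={10**18 + i * 7919}" {status}')
    # Ordinary device: same ID each time, always valid.
    lines += ['198.51.100.4 "GET /lookup?sim=1000000000000000042" 200'] * 3
    # Ordinary user: one mistyped ID, then the right one.
    lines += ['198.51.100.8 "GET /lookup?sim=1000000000000000099" 404',
              '198.51.100.8 "GET /lookup?sim=1000000000000000098" 200']
    return lines

if __name__ == "__main__":
    for client, (n, ratio) in find_enumerators(sample_log()).items():
        print(f"{client}: {n} distinct IDs, hit ratio {ratio}")
```

Counting distinct IDs per client, rather than raw request volume, keeps a device that repeatedly loads its own record from being flagged.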

The list eventually landed in the hands of Gawker, the parent company of Gizmodo, which claimed it included the names and email addresses of company CEOs, politicians and military officials.

“As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses,” Ms. Attwood said in the apology email. “Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.”

While the stolen account information can be used to spam iPad users, so far it looks like the hackers won’t be able to use the data to gain access to individual iPads.

AT&T’s apology, however, doesn’t mark the end of the incident. The FBI is now also looking into the circumstances that led to the data leak to determine whether a crime was committed.

“The FBI is aware of these possible computer intrusions and has opened an investigation into addressing the potential cyberthreat,” commented FBI spokesperson Lindsay Godwin.

Comments

Intruder

I never received such an e-mail. Is it then safe to assume mine was not one of the accounts compromised?
