AT&T apologizes, blames hackers for iPad e-mail breach

AT&T issued an apology on Sunday for a hack that exposed thousands of iPad customers’ e-mail addresses last week and vowed to work with law enforcement to prosecute those responsible.

A hacking group called Goatse Security obtained about 114,000 e-mail addresses of people such as White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg by exploiting an authentication page on AT&Ts Web site.

The group found that entering a correct serial number for the iPad’s SIM card, called an integrated circuit card identification (ICC-ID), the log-in page would return an e-mail address associated with that iPad. They wrote code that would randomly generate those serial numbers and queried the Web site until an e-mail addresses were returned, according to AT&T.

AT&T designed the site to automatically populate the e-mail field in order to make it easier for its customers to log in. AT&T has since changed the page to require an e-mail address and password to be entered.

“The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer e-mail addresses,” wrote Dorothy Attwood, AT&T’s chief privacy officer, in an e-mail sent to affected customers. “They then put together a list of these e-mails and distributed it for their own publicity.”

The e-mail addresses were passed to Gawker.com. Goatse maintains that it did not directly contact AT&T but waited until the company fixed the problem before giving the e-mail addresses to Gawker and said it has since destroyed the data.

Nonetheless, the Federal Bureau of Investigation opened a probe last Thursday into whether Goatse Security broke the law.

AT&T said only the ICC-ID and e-mail address were exposed and that other personal account information and e-mail content were not. The hackers did not get access to AT&T data networks, according to the letter.

“We apologize for the incident and any inconvenience it may have caused,” Attwood wrote. “Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.”

AT&T will not offer any incentives to those customers affected, according to Mark Siegel, executive director for media relations.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Apple @ Work Newsletter

Comments