The group found that entering a correct serial number for the iPad’s SIM card, called an integrated circuit card identification (ICC-ID), the log-in page would return an e-mail address associated with that iPad. They wrote code that would randomly generate those serial numbers and queried the Web site until an e-mail addresses were returned, according to AT&T.
AT&T designed the site to automatically populate the e-mail field in order to make it easier for its customers to log in. AT&T has since changed the page to require an e-mail address and password to be entered.
“The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer e-mail addresses,” wrote Dorothy Attwood, AT&T’s chief privacy officer, in an e-mail sent to affected customers. “They then put together a list of these e-mails and distributed it for their own publicity.”
AT&T said only the ICC-ID and e-mail address were exposed and that other personal account information and e-mail content were not. The hackers did not get access to AT&T data networks, according to the letter.
“We apologize for the incident and any inconvenience it may have caused,” Attwood wrote. “Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.”
AT&T will not offer any incentives to those customers affected, according to Mark Siegel, executive director for media relations.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read ouraffiliate link policyfor more details.