Major AT&T Security Breach Exposes 114,000 iPad Owners’ Personal Data

June 10, 2010, By Alex Ion

After an embarrassing moment at this year’s WWDC keynote speech in San Francisco, where WiFi didn’t work as expected, Apple’s name is now attached to a new embarrassment. This one is much more important: we’re hearing that a security breach has exposed no fewer than 114,000 iPad owners (including CEOs, military officials and top politicians) to what experts call spam marketing and malicious hacking.


Not too long ago, an Apple employee managed to lose an iPhone prototype in a bar, exposing almost everything about the handset on all possible tech blogs in the world. Now this … iLeak.

A group calling itself Goatse Security managed to obtain sensitive subscriber data belonging to early adopters of the iPad 3G. To do so they used a script on AT&T’s website, one accessible to anyone with an Internet connection. But can this happen at AT&T? Apparently it can (or “could”, as the security hole has since been closed) if you send a faked iPad-style “User-Agent” header in your Web request.

From there, it was only a matter of time before a PHP script was doing all the hard work.

The exclusive list of emails includes a lot of big names, and no, we’re not kidding. Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel, William Eldredge, who “commands the largest operational B-1 group in the U.S. Air Force,” New York Times CEO Janet Robinson, Diane Sawyer of ABC News, Dow Jones CEO Les Hinton and Ann Moore, CEO of Time Inc, are just a few.

But it doesn’t stop here. The tech industry has been affected, too, with accounts being compromised at Google, Amazon, Microsoft and AOL, among others. And the list can go on and on …


So, just how important is privacy to AT&T, given that they operated a Web server with such weak controls? Here’s what they said in an official letter.

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDs. The only information that can be derived from the ICC IDs is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDs may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”

What can you do right now? Our best advice is to turn off the 3G on your iPad until further notice.

How about this, Apple: are you going to consider Verizon or Sprint for your sleek devices from now on?
