AT&T breach exposes 114,000 iPad owners' email addresses

By on June 9, 2010, 7:22 PM
According to Valleywag, a security breach at AT&T has exposed confidential information about thousands of iPad owners. It's reported that a hacker group calling itself Goatse Security exploited a vulnerability in AT&T's site to obtain the email addresses and associated ICC-IDs of 114,067 people, including "dozens of CEOs, military officials, and top politicians."

AT&T has patched the hole, however, not before Goatse Security shared the flaw with a number of third parties. In other words, there's no telling whose hands the exploit fell into, nor what they might have done with the information. What's worse, the 114,067 compromised addresses only accounts for the data collected by Goatse, so it's likely many more have been exposed.

AT&T has commented on the matter, saying that a business customer (not Goatse Security) reported the hole on Monday and was resolved on Tuesday. The carrier said it's investigating the situation and will inform anyone who may have been affected.




User Comments: 14

Got something to say? Post a comment
captaincranky captaincranky, TechSpot Addict, said:

Hey, at least we found something that the iPad is good for.

Guest said:

ye haaaa

technology isn't it Great ...... :)

Staff
Jesse Jesse said:

You can't put this one in apple's lap, captaincranky.

captaincranky captaincranky, TechSpot Addict, said:

You can't put this one in apple's lap, captaincranky.
Well, maybe not directly. But still, it's nice to see that Apple's product has become an "equal opportunity" target for hackers. Maybe it's the lure of social elitism, that motivates criminals to want to know more about the owners of such a wonderful toy. Can we play with it too? That sort of thing.

Guest said:

wait.....they're called GOATSE security????!??!?!

Guest said:

As a software engineer I can see that MOST companies focus on functionality first and leave security as an afterthought. At my work we store store the SSN, driver license images/info with full address and name unencrypted in the database. It has been pointed out as a security hole for YEARS, but it has not been addressed because the customer is not aware of it AND regulators don't require it.

Remember, any company will do the LEAST amount of work on security because security does not sell most line of business software -- it is functionality. Yes, there is a liability of data breaches and the associated costs of lawsuits, but that cost is trivial in comparison to off-shoring ALL back office and testing functions.

What happens when the offshore company goes under, or sells your data to competitor? Given that you no longer have the knowledge to run your back office, you can't quickly in-house and the company is dead. Virtually no company thinks or addresses this in their disaster mitigation plans. But short term gain vs. long term strategy is the name of the game these days...

Docnoq said:

Guest said:

wait.....they're called GOATSE security????!??!?!

Hahaha that's the first thing that I noticed too. Classic.

paynetrain007 said:

You can't blame it directly on Apple, But Apple and AT&T go hand and hand. These hackers wanted to go after Apple directly. So I say you can partially put the blame on Apple for being such ****** and claiming "unhackable" hardware/software

SNGX1275 SNGX1275, TS Forces Special, said:

You can't blame it directly on Apple, But Apple and AT&T go hand and hand. These hackers wanted to go after Apple directly. So I say you can partially put the blame on Apple for being such ****** and claiming "unhackable" hardware/software

I don't know what you are talking about, I've never seen Apple make such a remark about being unhackable. It wasn't even Apple's hardware or software involved in this, nobody is to blame here except AT&T.

captaincranky captaincranky, TechSpot Addict, said:

I don't know what you are talking about, I've never seen Apple make such a remark about being unhackable. It wasn't even Apple's hardware or software involved in this, nobody is to blame here except AT&T.
Actually they have, but by virtue of omission. This goes back to the "I'm a PC" ad campaign. If you'll remember, the PC catches a virus in one of the sequence, but of course, the Mac is immune. BUY MAC....yay...!

jgvmx said:

The ipad got goatse'd

SNGX1275 SNGX1275, TS Forces Special, said:

CC - I don't see how that is saying they are unhackable, its just illustrating the amount of viruses on each. In any case, that is a totally separate scenario than this - a consumer computer OS vs AT&T and their security. Apple isn't even involved in this, I don't know how you guys can justify Apple being to blame for AT&T getting hacked.

captaincranky captaincranky, TechSpot Addict, said:

CC - I don't see how that is saying they are unhackable, its just illustrating the amount of viruses on each.
OK, given the oversimplification of this particular ad campaign. They make it quite clear that the Mac is still standing. There's never any disclaimer that there are also viruses that can affect Mac. There's no question that the PC is dead, and the Mac lives.
In any case, that is a totally separate scenario than this - a consumer computer OS vs AT&T and their security. Apple isn't even involved in this, I don't know how you guys can justify Apple being to blame for AT&T getting hacked.
I agree, Apple and its iPad owners got it stuck to them by proxy. In this case, I don't subscribe to At&t, nor do I own an iPad, and I feel I'm all the luckier for it.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.