AT&T apologises to iPad 3G owners for security breach
US mobile phone carrier AT&T's Senior Vice President of Public Policy and Chief Privacy Officer Dorothy Attwood has sent out apology emails to iPad 3G owners for the recent security breach. Last week Goatse Security confirmed that they gained access to the email addresses of more than 100,000 iPad owners. The list of compromised email addresses included politicians, business leaders, scientists and the commander of the largest B1 bomber squadron in the US Air Force, William Eldridge. A number of Pentagon, White House and FBI addresses were also among those affected, causing the FBI to open an investigation.
In the email, Attwood says that she regrets the incident, but claims that only iPad 3G customer email addresses and AT&T SIM card ICC IDs were affected. Passwords and other private data had reportedly not been exposed. She also notes that "The hackers deliberately went to great efforts" to obtain the ICC IDs and email addresses, adding that action has been taken by AT&T "to prevent any further unauthorised exposure of customer email addresses". The company is currently working with law enforcement to investigate.
To get the email addresses, the hackers took advantage of a home-grown PHP script, which sent ICC ID numbers from SIMs to the AT&T server. The server was expecting to be called by an application on the iPad to speed up logging into an AT&T bill management service as part of an AJAX-style query, so whenever a valid ICC ID was sent, the server responded with an email address.
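The weakness described above is that the ICC ID acted as both identifier and credential. As an added example (not code from AT&T or from the original report), the following contrasts that lookup with one that also demands a server-issued token bound to the ICC ID; the function names, the sample ICC IDs and addresses, and the token scheme itself are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: these ICC IDs and addresses are made up for the example.
SUBSCRIBERS = {
    "89014100000000000011": "alice@example.com",
    "89014100000000000029": "bob@example.com",
}
SERVER_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server


def lookup_vulnerable(icc_id):
    """Behaviour the article describes: a valid ICC ID alone yields the address."""
    return SUBSCRIBERS.get(icc_id)


def issue_token(icc_id):
    """Hypothetical step: called only after the customer has authenticated once."""
    return hmac.new(SERVER_KEY, icc_id.encode(), hashlib.sha256).hexdigest()


def lookup_hardened(icc_id, token):
    """Return the address only when the caller holds the token for this ICC ID."""
    expected = issue_token(icc_id).encode()
    supplied = (token or "").encode()
    # Constant-time comparison; unknown IDs and bad tokens get the same answer,
    # so the response cannot be used to tell which ICC IDs exist.
    if not hmac.compare_digest(expected, supplied):
        return None
    return SUBSCRIBERS.get(icc_id)


if __name__ == "__main__":
    icc = "89014100000000000011"
    print("vulnerable, no credential:", lookup_vulnerable(icc))
    print("hardened, no token:       ", lookup_hardened(icc, None))
    print("hardened, own token:      ", lookup_hardened(icc, issue_token(icc)))
```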
- AT&T lets 114,000 email addresses of iPad owners leak out, a report from The H.