Network News

X My Profile
View More Activity

AT&T : security gap exposed Apple iPad e-mail addresses, IDs

AT&T said late Wednesday that a security breach had exposed the e-mail addresses of Apple iPad users. The nation’s second-largest wireless service provider said that the problem had been fixed and that it would inform customers of the breach, which also exposed their iPad identification numbers used to autheticate a wireless user.

Gawker said the hacker group that breached AT&T's network obtained the e-mail addresses of top level politicians, television reporters and business executives, including White House chief of staff Rahm Emanuel (check out my colleague, Michael Shear's story on iPads in the White House inner circle).

AT&T did not say how many customers were affected. But Gawker, which reported the breach earlier Wednesday, said 114,000 e-mail addresses were exposed for iPad 3G users. Apple, which says it has sold 2 million iPads since it was launched last April, did not immediately respond to an interview request. (Check out our photo gallery of iPad buyers.)

From Gawker:

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

“The issue has escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses,” AT&T said in a statement.

AT&T, which is Apple's exclusive partner on the iPad and iPhone, said it was informed on Monday of the security breach by one of its business customers. The person or group that first discovered the security hole did not contact AT&T, the wireless company said.

“We continue to investigate and will inform all customers whose email addresses and ICC Ids may have been obtained. At this point there is no evidence that any other customer information was shared,” AT&T said.

The security problem comes amid increasing concern by regulators and lawmakers of the protection of personal data on the Internet. Google last month disclosed that when compiling pictures for its Street View application, its cameras had collected personal data from residential WiFi networks. That admission has sparked lawsuits and investigations by regulators around the globe.

Gawker reported that the information was obtained by a hacker group calling itself Goatse Security. The group used a script on AT&T's website, accessible to anyone on the internet, to get the data.

"When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address," Gawker reported. The Web site's security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs publically displayed on the Web.

It is unclear how the mishap will affect AT&T's relationship with its partner, Apple. iPhone users have complained about network congestion problems with the exclusive partner and Verizion Wireless customers have waited anxiously for Apple to strike a business deal with their provider.


By Cecilia Kang  |  June 9, 2010; 8:25 PM ET
Categories:  AT&T , Apple , Broadband , FCC , FTC , Mobile , Privacy  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Lawmakers seek to turn down the dial on loud television commercials
Next: Despondent words from alleged leaker to Wikileaks.org

Comments

Sounds like AT&T outsourced their web development to a company that was more interested in meeting deadlines that in security.

Posted by: flibber | June 9, 2010 10:22 PM | Report abuse


I would do her.

Posted by: screwjob16 | June 9, 2010 10:41 PM | Report abuse

Apple won't care. They will stick with AT&T, no matter how many people are screwed.

Posted by: rcvinson64 | June 9, 2010 11:46 PM | Report abuse

Apple won't care. They will stick with AT&T, no matter how many people are screwed.

Posted by: rcvinson64 | June 9, 2010 11:46 PM | Report abuse


how could obama let this happen. it is his fault. he should have issued regulators for better product testing.

why is he so completely inept? obama is the worst president will have ever had, or will ever have.

Posted by: skeptic11 | June 9, 2010 11:46 PM | Report abuse

AT&T is problematic. I have been using their DSL service starting with Bell South for 10 years. I am always having problems with it and also with my cell phone service. An AT&T customer disservice rep. once told me why do I call them? Why not call Microsoft? They seem to subcontract everything causing constant problems.

Posted by: truth1 | June 9, 2010 11:47 PM | Report abuse

What does President Obama has to do with AT&T and Apple?

Posted by: truth1 | June 9, 2010 11:49 PM | Report abuse

Agree with truth1
AT&T has too many problem I had to cancel everything. Cannot relate on them.

Posted by: atrium | June 10, 2010 12:13 AM | Report abuse

Our tech team had some interesting things to say about the iPad security breach. http://www.redspin.com/blog/

Posted by: redspin | June 10, 2010 12:34 AM | Report abuse

I wonder if the dell streak will really complete with apple and the ipad. I don't like monopoly at all. That will also bring the price down for both.

Your Destination for Dell Streak Hacks, News and Information. http://dellstreakhacks.com

Posted by: dellstreakhacks | June 10, 2010 1:13 AM | Report abuse

Wonder how many of the "A-list" people actually bought their IPads and how many were comps?

Maybe it's a conspiracy by Steve Jobs! :)

Posted by: BEEPEE | June 10, 2010 1:19 AM | Report abuse

Amazing. As a Government employee (although apparently a low ranking one, as I had to plead to get a blackberry which I detest) to find that so many government officials have a dodgy technological devise, at high cost, which only serves to confuse the creation and dissemination of policy, is an eye opener. Would love an in depth article on i Pads in government and what benefit they extend to the Government, other than turning us lowly lackeys in drones that have to respond to the latest (maybe after a three martini lunch) intrusion into our areas of specialties by government officials with the attention span of a gnat.

Oh, and to you idiots claiming this is a Obama thing. Get a life.

Posted by: ChrisW1958 | June 10, 2010 2:54 AM | Report abuse

Amazing. As a Government employee (although apparently a low ranking one, as I had to plead to get a blackberry which I detest) to find that so many government officials have a dodgy technological devise, at high cost, which only serves to confuse the creation and dissemination of policy, is an eye opener. Would love an in depth article on i Pads in government and what benefit they extend to the Government, other than turning us lowly lackeys in drones that have to respond to the latest (maybe after a three martini lunch) intrusion into our areas of specialties by government officials with the attention span of a gnat.

Oh, and to you idiots claiming this is a Obama thing. Get a life.

Posted by: ChrisW1958 | June 10, 2010 2:55 AM | Report abuse

The greater security concern here is that each and every ipad and iphone used by our military and business leaders has been manufactured by gigantic factories in Communist China. Our utter reliance on them to manufacture essentially all of our consumer electronics gear and much, much more while we manufacture exotic "securities" and debt is something that our elites seem not to want to discuss.

Posted by: JohnQCitizen | June 10, 2010 6:31 AM | Report abuse

take away their ipads. problem solved.

Posted by: iamrta | June 10, 2010 8:43 AM | Report abuse

AT&T has a lot of explaining to do. First there are continual problems with their wireless services and now an inexcusable security leak?

If only there were a clause in the Apple/AT&T contracts that would dissolve their relationship over such a huge error.

http://iPadLot.com

Posted by: Fretboard | June 10, 2010 8:46 AM | Report abuse

WHY ARE TAXPAYERS PAYING FOR IPADS FOR GOVERMENT EMPLOYEES?????

This is outrageous.

We need to find out each governement employee that has one and why they think they need an Apple IPAD at the expense of the taxpayer.

Posted by: Frishoo | June 10, 2010 8:55 AM | Report abuse

Maybe the government sees no benefit in buying the appliances for its employees.

Maybe they bought them for themselves you small-minded hapless faps!

Posted by: montypalmer2 | June 10, 2010 9:09 AM | Report abuse

@ skeptic11
"how could obama let this happen. it is his fault."

I really hope it is sarcasm, otherwise you may have serious cognitive troubles.

Posted by: Sensi23 | June 10, 2010 9:23 AM | Report abuse

@skeptic11
how could obama let this happen. it is his fault. he should have issued regulators for better product testing.

why is he so completely inept? obama is the worst president will have ever had, or will ever have.
==============

Completely off topic, of course, nothing to do with AT&T or iPads ...

Why do you think they call them TROLLS ...?

Posted by: webdevgal | June 10, 2010 10:05 AM | Report abuse

I don't really see the big deal about this specific incident. They're just e-mail addresses. It's not as if the devices themselves were hacked, which could, of course, be an issue.

Also, I do hope those iPads were purchased by the individual owners themselves and not purchased on their behalf by the government using taxpayer money. Because that would really piss me off.

Posted by: cpulaski | June 10, 2010 10:06 AM | Report abuse

P.S. @montypalmer2

When you call someone "small-minded", you're telling on yourself.

Posted by: cpulaski | June 10, 2010 10:08 AM | Report abuse

Apple needs to dump their contract with AT&T for the simple reason that AT&T is unable to provide sufficient bandwidth for Apple's products. Issues with service and security are not limited to AT&T. Security, in particular, is a pervasive issue throughout the web.

Posted by: Catch1 | June 10, 2010 10:35 AM | Report abuse

Even if the government idiots had paid for the iPADs out of their own pocket, what "right" to they have to use them? Most IT departments rightfully support devices that have been approved by the CTO, and on which they have been properly trained. Wasting technicians' time to support these "toys" should not be allowed, especially given their penchant for security lapses.

Posted by: moonwatcher2001 | June 10, 2010 11:17 AM | Report abuse

JohnQCitizen wrote:

"The greater security concern here is that each and every ipad and iphone used by our military and business leaders has been manufactured by gigantic factories in Communist China. Our utter reliance on them to manufacture essentially all of our consumer electronics gear and much, much more while we manufacture exotic "securities" and debt is something that our elites seem not to want to discuss."

######

So true. We have centralized so much of our manufacturing talent and capacity overseas, that if China closed the doors in a major conflict, the U.S. would be utterly up the creek.

As for the elites, who wants to rock the boat when millions (billions?) of USD are made very quickly off of shaky investment gambles. When times get rough, the elites get their golden parachutes, bailouts and continue sipping from the top-shelf while common citizens wonder if they will have a roof over their head next month.

With major manufacturing investments, returns are longer-term and do not cater to the rabid quarterly "give me mega profits or else" mentality present in corporate America.

Which type of investment does greed serve? The sort-term, high-risk gamble.

Many apologies for the digression.

AT&T, sort your network stuff!

Posted by: CB12 | June 10, 2010 12:40 PM | Report abuse

This is a non-story except for some well-known names and an embarrassing episode for AT&T. Now if AT&T has a policy that stated they would protect the email addresses then the FTC might have the basis for civil action, but they usually only do that if there is something for which there is a privacy law - bank account number, social security number, etc. There's no law about email addresses except in those cases where there was an expectation set by policy or contractual agreement. The news is that another web-facing application could be brute forced into divulging information which is embarrassing to AT&T, but not unusual. I would guess they failed to test the interface that allowed the ICC to be guessable and brute-forced. That's a software bug.

Posted by: rogernebel | June 10, 2010 1:00 PM | Report abuse

My computer is a $500 iPad. I do all my work on it so I don't get why it's being discussed here as if it were a frivolous luxury. There are cheaper computers but having suffered through two different netbooks, I can see why the iPad might do well in government and enterprise markets.

Posted by: dukeoconnor | June 10, 2010 1:31 PM | Report abuse

AT&T is a disgrace and Apple doesn't get it - http://bu.tt/ATT

Posted by: 1millionbumperstickers | June 10, 2010 2:28 PM | Report abuse

The Global Challenges of Sanctioning Iran - http://Bu.tt/Iran

Posted by: 1millionbumperstickers | June 10, 2010 2:33 PM | Report abuse

I wonder if Apple will continue LYING to the people and pretending their systems are impervious to today's internet threats???

Posted by: askgees | June 10, 2010 2:52 PM | Report abuse

AT&T is a disgrace and Apple doesn't get it - http://bu.tt/ATT

Posted by: 1millionbumperstickers | June 10, 2010 2:28 PM | Report abuse


But not nearly as pathetic as Verizon who has been sued by the US Gov 10 times in the last 80 years.

Posted by: askgees | June 10, 2010 2:55 PM | Report abuse

Inexcusable. AT&T should be required to pay at least $1,000 to every subscriber and have its license lifted. At minimum!

Posted by: JONWINDY | June 10, 2010 3:25 PM | Report abuse

Dear customers, thank you for your support of our company.
Here, there's good news to tell you: The company recently
launched a number of new fashion items! ! Fashionable and
welcome everyone to come buy. If necessary, welcometo:
===== http://www.smalltrade.net =====

free shipping
competitive price
any size available
accept the paypal

Air jordan(1-24)shoes $33

Handbags(Coach l v f e n d i d&g) $35

Tshirts (ed hardy,lacoste) $16

Jean(True Religion,ed hardy,coogi) $30

Sunglasses(Oakey,coach,gucci,A r m a i n i) $16

New era cap $15

Bikini (Ed hardy,) $25

FREE sHIPPING

====== http://www.smalltrade.net =====
` ╰—┘ 。 ┅★`_、
│\__╭╭╭╭╭__/│   
│           │  
│           │ 
│ ●       ● │ 
│≡    o    ≡│
│           │ 
╰——┬O◤▽◥O┬——╯
   |  o  |
   |╭---╮| ┌┬┬┬┐ 
╞╧╧╧╧══╧╧╧╧╧╧╧╧╡

Posted by: itkonlyyou112 | June 10, 2010 11:49 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company