Security Loophole Reveals Email Addresses Of AT&T’s iPad 3G Users
A major security loophole in AT&T's systems has resulted in the breach of confidential information of over 114,000 iPad 3G owners.
According to Ryan Tate from Gawker, the list of users who have been compromised includes thousands of prominent people in the politics, media and finance space.
Goatse Security, a France-based hacking group discovered this security loophole. The hackers were apparently able to get access to the email addresses of iPad 3G users using a simple script on AT&T's website that returned the email address of users when supplied with the owners' ICC-ID. ICC-ID is a unique identification number that is prominently displayed on SIM cards that associates every mobile phone device to a particular number. A large part of the database is known to have been obtained by guessing the ICC-ID of potential iPad 3G users.
AT&T has acknowledged the security breach and apologized for the incident. The carrier has also confirmed that the loophole has been plugged now.
"This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses…We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained. At this point, there is no evidence that any other customer information was shared.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
It will be interesting to see how Apple reacts to the latest breach. Cupertino is yet to issue an official statement in this regard.