Skip the navigation

AT&T apologizes, blames hackers for iPad e-mail breach

It vows to work with law enforcement officials probing the incident

By Jeremy Kirk
June 14, 2010 09:34 AM ET

IDG News Service - AT&T issued an apology on Sunday for a hack that exposed thousands of iPad customers' e-mail addresses last week and vowed to work with law enforcement to prosecute those responsible.

A hacking group called Goatse Security obtained about 114,000 e-mail addresses of people such as White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg by exploiting an authentication page on AT&Ts Web site.

The group found that entering a correct serial number for the iPad's SIM card, called an integrated circuit card identification (ICC-ID), the log-in page would return an e-mail address associated with that iPad. They wrote code that would randomly generate those serial numbers and queried the Web site until an e-mail addresses were returned, according to AT&T.

AT&T designed the site to automatically populate the e-mail field in order to make it easier for its customers to log in. AT&T has since changed the page to require an e-mail address and password to be entered.

"The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer e-mail addresses," wrote Dorothy Attwood, AT&T's chief privacy officer, in an e-mail sent to affected customers. "They then put together a list of these e-mails and distributed it for their own publicity."

The e-mail addresses were passed to Gawker.com. Goatse maintains that it did not directly contact AT&T but waited until the company fixed the problem before giving the e-mail addresses to Gawker and said it has since destroyed the data.

Nonetheless, the U.S. Federal Bureau of Investigation opened a probe last Thursday into whether Goatse Security broke the law.

AT&T said only the ICC-ID and e-mail address were exposed and that other personal account information and e-mail content were not. The hackers did not get access to AT&T data networks, according to the letter.

"We apologize for the incident and any inconvenience it may have caused," Attwood wrote. "Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence."

AT&T will not offer any incentives to those customers affected, according to Mark Siegel, executive director for media relations.

Send news tips and comments to jeremy_kirk@idg.com

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
2015 Premier 100 nominations open
Premier 100

Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.