Gawker is reporting that a recent vulnerability on AT&T’s network exposed the e-mail addresses associated with what they believe to be 114,000 iPad 3G owners’ user accounts.
According to the article:
“The specific information exposed in the breach included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.”
AT&T has apparently fixed the problem, but not after the e-mail addresses of “dozens of CEOs, military officials, and top politicians” were harvested by a hacking group going by the name of Goatse Security. Don’t Google “Goatse.”
“The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it’s not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it’s likely many accounts beyond the 114,000 have been compromised.”
AT&T has issued the following statement:
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”
Any iPad 3G owners out there? Have you been contacted by AT&T yet?
More on Techland: