AT&T apologized for a glitch that accidentally exposed the e-mail addresses of 114,000 Apple iPad users, and blamed the incident on hackers who exploited a function intended to let users log in to their accounts more quickly.
AT&T said the problem has been resolved, and insisted that the hackers were not able to access anything except e-mail addresses. "The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad - called the integrated circuit card identification (ICC-ID) - and repeatedly queried an AT&T web address," AT&T's chief privacy officer Dorothy Atwood wrote in an e-mail to affected customers. "When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the e-mail address associated with the ICC-ID already populated on the log-in screen."
Earlier this month, AT&T acknowledged a breach that exposed 114,000 e-mail addresses and ICC-IDs of various Apple iPad 3G owners, including Michael Bloomberg, Harvey Weinstein, and blogger Kara Swisher.
The breach came to light after Gawker.com received a tip from Goatse Security (savvy Web denizens will know what that name implies, and shy away from Googling it), which provided the data from the alleged leak, as well as the culprit: AT&T. Atwood said these hackers "went to great efforts" to compile the list of e-mail addresses and then "distributed it for their own publicity."
AT&T disabled the function within hours of being made aware of the problem, she said. Users must now type in their e-mail address and password to sign in. The company did, however, caution users to be on alert for future phishing scams.
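The query pattern AT&T describes, one client requesting many different ICC-IDs of which most match nothing, can be spotted in web access logs. The sketch below is an added example, not AT&T's code: the log layout, the `/lookup` path, the `icc_id` parameter, the 200/404 status meanings and the thresholds are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log layout: client IP, a lookup request carrying an icc_id query
# parameter, and the HTTP status (200 = ICC-ID matched an account, 404 = no match).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "GET /lookup\?icc_id=(?P<icc>\d{19,20})" (?P<status>\d{3})$'
)

def find_enumerators(lines, min_distinct=5, min_miss_ratio=0.5):
    """Return {ip: (distinct_ids, miss_ratio)} for clients that look like they
    are guessing ICC-IDs: many distinct identifiers, mostly non-matching."""
    ids = defaultdict(set)
    total = defaultdict(int)
    misses = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a lookup request in the assumed format
        ip = m["ip"]
        ids[ip].add(m["icc"])
        total[ip] += 1
        if m["status"] == "404":
            misses[ip] += 1
    flagged = {}
    for ip, seen in ids.items():
        ratio = misses[ip] / total[ip]
        if len(seen) >= min_distinct and ratio >= min_miss_ratio:
            flagged[ip] = (len(seen), ratio)
    return flagged

def build_sample_log():
    """Constructed sample: one device repeating its own ID, one client guessing."""
    log = ['198.51.100.7 "GET /lookup?icc_id=8901410000000000001" 200'] * 6
    for n in range(8):
        status = 200 if n == 3 else 404  # one guess happens to match
        log.append(
            f'203.0.113.9 "GET /lookup?icc_id=890141000000000{n:04d}" {status}'
        )
    return log

if __name__ == "__main__":
    for ip, (count, ratio) in find_enumerators(build_sample_log()).items():
        print(f"{ip}: {count} distinct ICC-IDs, {ratio:.0%} misses")
```

Detection of this kind only shortens the exposure window; the fix reported above, requiring an e-mail address and password instead of returning the address for a bare ICC-ID, is what removes the leak.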