iPad 3G breach exposes 114,000 email addresses

Alex Wagner
Editorial Director of News and Content from  Omaha, NE
| June 9, 2010

Apple iPad

The past few months have been rough for Apple when it comes to information leaking.  The latest leak, however, may be the worst.  Gawker has received information about the leak, which has exposed the email addresses of 114,067 iPad 3G owners through a simple script on the AT&T website.  When sending a request to the site with an integrated circuit card identifier, or ICC ID, the script would return the iPad owner's email address.  The ICC ID is a number used to identify the SIM cards used with a mobile device on a network.  After the breach was discovered, a script was used to harvest over 114,000 email adresses from the site.  The owners of the addresses that were harvested are VIPs from nearly every industry thinkable, such as New York City mayor Michael Bloomberg and Diane Sawyer of ABC News.  The group that exposed the leak, Goatse Security, guessed several ICC IDs after checking with several other iPads seen online and owned by friends and got email addresses back from the site. The security group says that the script used was passed around to other parties before AT&T closed the breach, so it's not known exactly who obtained the email addresses and what was done with them.  Goatse Security told AT&T about the vulnerability and the breach has since been closed.  Experts are torn on whether or not the ICC IDs gained could be used to create exploits with the GSM standard.  Strangely enough, AT&T hasn't publicly said anything about the leak yet.  Although most of the fault seems to rest with AT&T, it seems likely that Apple may catch some of the blame as well.  This news may hurt AT&T's image with some of the public and could cause some customers to re-consider buying an iPhone 4 later this month.  What do you think of this leak?

Via Gawker

Products mentioned