AT&T Leaks Emails Addresses of 114,000 iPad Users

Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"

Bad joke

[girlintraining]

Wait, the iPad suffered a leak? That's why you always buy pads with wings. (groan)

Re:Bad joke

[aliquis]

.. or well, scrap the later part, I'm trying to find what the law actually says over at datainspektionen but it's hard to find anything relevant to the security of storing or sharing the personal data. I don't wanna claim too much in case it's not true :/

Re:Bad joke

[L4t3r4lu5]

There is no way, not in a month of Sundays, that I will ever click on a link containing the words "goatse" "tubgirl" or "lemonparty"

They might as well have called themselves "We Publish Snuff Videos Security Group."

Re:Bad joke

It is not so bad if you disable javascript first - and it helps if you're blind..

Goatse? Really?

[ewoods]

Ok, "goatse" in a story, followed by a link... Is anyone really going to click it without hesitation?

Goatse Security

Who is in charge of that? Ben Dover?

Re:Goatse? Really?

What's even better is that the first 3 words of the headline are "AT&T's Gaping Hole".

Re:Goatse? Really?

[TinBromide]

What's even better is that the first 3 words of the headline are "AT&T's Gaping Hole".

Well, I was rather amused by the fact that "Goatse" "Leaked" something from said "Gaping Hole," I suppose that if you spend all your time playing with your "gaping hole," then something is eventually going to leak.

Re:Goatse? Really?

[mavasplode]

FTA:

Apple CEO Steve Jobs surely won't rest until AT&T's gaping hole is filled,

nuff said

Re:Goatse Security

[SolidAltar]

The funniest part of this entire story is that news organizations are either completely clueless as to what Goatse is, or refuse to mention it.

But some people are going to google it anyway.

The person who leaked this is a true internet superhero.

No way.

The last thing that comes to my mind when I think goatse is security. That guy can't secure shit.
And trust me, I've thought about alot of things while viewing / thinking of goatse..And security was definitely the last because I read an article about it on some site.

Re:Goatse Security

[Titoxd]

Goatse Security: We will show you every gaping hole in your security!

You are more right than you know.

[tak+amalak]

anyone with half a brain has a droid anyway.

Couldn't have said it better myself.

Re:Goatse Security

[cosm]

I willing to bet the writers / editors of the dailytech story knew exactly the wide open possibilities of this exploit's verbiage flexibility, FTA:

The title:

AT&T's Gaping Hole Exposes...

and

... before reporting this gaping hole to AT&T...

and this gem:

Apple CEO Steve Jobs surely won't rest until AT&T's gaping hole is filled

Goatse FTW.

Re:Goatse Security

Goatse Security: We will show you every gaping hole in your security!

"That guy who leaked 114,000 emails? What a big asshole!"

Re:MSNBC Investigates Goatse

I just hope Matt Lauer is wise enough not to look too deep.

I see what you did there.

I just wish I could unsee it.

Corporate-speak

[Stiletto]

'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"

A classic textbook non-response from a corporation's P.R. machine. A guide, for those unfamiliar with the terminology:

  * "We continue to..." / "We are continuing..." - Translation: We're not doing a thing

  * "investigate" - Translation: To lawyer-up and get paperwork straight for a lawsuit

  * "may have" - Translation: "did"

  * "been obtained" - Translation: given out by us through incompetence

  * "We take XYZ very seriously" - Translation: It only comes up in meetings when emergencies happen

  * "we have fixed this problem" - Translation: We fired the employees who told us this problem would happen

  * "we apologize" - Translation: We admit no legal wrongdoing

  * "customers who were impacted" - people who paid us for the pleasure of a good corporate rogering

Why anyone even reads press releases by companies anymore, one can only guess. You'll hear those catch phrases in every one.

Re:Goatse? Really?

[SeaFox]

Perhaps we shouldn't spread the story too widely until we have the hole truth. /ducks

Re:Goatse? Really?

[dakameleon]

What has the world come to?

/b/

'nuff said.