Slashdot Mirror


AT&T Leaks Email Addresses of 114,000 iPad Users

Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"
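
The exposure described in the summary, a script that returns a subscriber's email address for whatever ICC-ID it is handed, shows up in server logs as one client asking about many different ICC-IDs. The following is an added example, not part of the original story and not AT&T's code: detection logic run over constructed log lines. The log format, the `/lookup` path, the `ICCID` parameter name and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not real traffic, not real ICC-IDs).
# Assumed format: client IP, [ISO timestamp], "request line", status.
SAMPLE_LOG = """\
198.51.100.7 [2010-06-09T10:00:01] "GET /lookup?ICCID=89000000000000000001 HTTP/1.1" 200
198.51.100.7 [2010-06-09T10:00:02] "GET /lookup?ICCID=89000000000000000417 HTTP/1.1" 200
198.51.100.7 [2010-06-09T10:00:03] "GET /lookup?ICCID=89000000000000002290 HTTP/1.1" 404
198.51.100.7 [2010-06-09T10:00:04] "GET /lookup?ICCID=89000000000000003108 HTTP/1.1" 200
198.51.100.7 [2010-06-09T10:00:05] "GET /lookup?ICCID=89000000000000005555 HTTP/1.1" 200
203.0.113.20 [2010-06-09T10:00:10] "GET /lookup?ICCID=89000000000000007001 HTTP/1.1" 200
203.0.113.20 [2010-06-09T10:05:10] "GET /lookup?ICCID=89000000000000007001 HTTP/1.1" 200
203.0.113.20 [2010-06-09T10:10:10] "GET /lookup?ICCID=89000000000000007001 HTTP/1.1" 200
192.0.2.9 [2010-06-09T09:00:00] "GET /lookup?ICCID=89000000000000008001 HTTP/1.1" 200
192.0.2.9 [2010-06-09T09:10:00] "GET /lookup?ICCID=89000000000000008002 HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] '
    r'"GET \S*[?&]ICCID=(?P<iccid>\d+)\S* HTTP/[\d.]+" (?P<status>\d{3})$'
)

def flag_enumerators(log_text, max_distinct=3, window_s=60):
    """Return {client_ip: peak} for clients that looked up more than
    max_distinct different ICC-IDs inside any window_s-second window."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # failed lookups count too: they are still probes
            per_ip[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["iccid"]))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        in_window, start, peak = defaultdict(int), 0, 0
        for ts, iccid in hits:
            in_window[iccid] += 1
            # Slide the window: drop requests older than window_s seconds.
            while (ts - hits[start][0]).total_seconds() > window_s:
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[ip] = peak
    return flagged
```

A device refreshing its own account repeats one ICC-ID and stays at a peak of 1, so counting distinct identifiers rather than raw request volume is what separates it from a client walking the identifier space.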

13 of 284 comments

  1. Re:Goatse? Really? by Ethanol-fueled · · Score: 5, Informative

    For those of you who don't get it, Goatse Security is a division of the great Gay Niggers Association of America.

    I'm not fucking joking.

    Additionally, this may be a Slashdot first: The GNAA first post is actually the article itself.

  2. Re:Bad move, Apple by Red+Flayer · · Score: 4, Informative

    I sometimes wonder why Apple hasn't moved away from its exclusive relationship with AT&T.

    Contractual obligations. Here's some info.

    Basically, Apple signed a five-year deal in 2007 because they badly needed a carrier who was willing to sink many millions into the release.

    Here's the thing that sucks for early adopters: If you bought in '07, you had to sign a two-year deal with AT&T. Par for the course for a phone the way we've got it structured in the US. But after your two years are up, you'd still be stuck with AT&T for another three years due to the 5-year deal they have with Apple. Either that, or jailbreak your phone, etc.

    Practically, though, the extra three years are no big deal for the early adopters... surely most of them would move onto a new phone after two years, since they are early adopters.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Re:Goatse Security by Anonymous Coward · · Score: 0, Informative

    Apple users are used to having their anuses stretched open, both by Apple and by other men. It makes sense that Goatse Security would be the group to gain access to their personal information.

  4. Cough by way2trivial · · Score: 2, Informative

    http://www.citrix.com/English/ps2/products/product.asp?contentID=1689163

    "Citrix makes it easy to use enterprise applications, including Windows applications, on your iPhone, Blackberry, Android and Windows mobile devices on-demand."

    --
    every day http://en.wikipedia.org/wiki/Special:Random
  5. Re:Bad joke by OrangeCatholic · · Score: 3, Informative

    >A computer security consultant was convicted in the UK for typing "/../../" after a URL and hitting enter

    Wow I just realized what that does.

    That's about the lowest definition of "hacking" you can possibly have. It's more like basic literacy.

  6. Re:Goatse? Really? by morgan_greywolf · · Score: 5, Informative

    Ummmm...apparently, actually true. It really is a division of the GNAA. Makes me wonder how accurate this story is.

  7. Re:Bad joke by aliquis · · Score: 5, Informative

    Personuppgiftslagen / personal data law

    Google translation (enhanced by hand ..)

    Safety measures
    31 The liable data manager must take appropriate technical and organizational measures to protect the personal data processed. These measures must achieve a level of security that is appropriate with regard to

    a) the technical options available,
    b) what it would cost to implement the actions;
    c) the specific risks involved in the processing of personal data, and
    d) how sensitive the treated personal information is.

    When the liable data manager uses a personal data assistant, the liable data manager must ensure that the personal data assistant can implement the security measures required and ensure that the personal data assistant actually takes those measures.

    The regulatory authority may decide on security measures.

  8. Re:Doesn't Matter by sootman · · Score: 2, Informative

    Was the summary tl;dr for you? And for everyone who modded you up?

    Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads. [emphasis added]

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  9. Re:Bad joke by negRo_slim · · Score: 2, Informative

    There was no need to retrieve over 100,000 addresses before notifying AT&T nor was there any need to share the gaping security hole with others as was also done.

    http://security.goatse.fr/

    --
    On the Oregon Coast born and raised, On the beach is where I spent most of my days
  10. Re:Goatse? Really? by Anonymous Coward · · Score: 1, Informative

    kunwon1 is a KNOWN registered sex offender:


  11. Re:Goatse? Really? by Anonymous Coward · · Score: 1, Informative

    > The sad truth of the matter is that even idiots get lucky eventually.

    They've also found holes in Safari and Firefox, actually.

    If you think this story was bad, you should've seen some of the others in the Firehose. Nothing but bad puns based on gaping holes.

  12. Re:Doesn't Matter by Anonymous Coward · · Score: 1, Informative

    I did, did you use your brain or just accept what the douchebags at gawker said as fact?

    So, by their and your account, if I decide to sell my product exclusively at a store, and you use a credit card, and said credit card number is stolen, it's my fault and not the store's?

    Better analogy, an HTC phone is available only at Verizon, so to get this phone I have to subscribe to Verizon's service. To do this, I have to give up personal information and a credit card. Once again, someone gains access to my personal information through a data breach at Verizon, it's HTC's responsibility?

    Complete bullshit to you, sir.

  13. Re:Bad joke by tehcyder · · Score: 4, Informative

    Since the meaning of "hacker" has changed from "someone who modifies devices to do things they weren't designed to do, or writes quick and dirty computer code" to "electronic burglar", who do we now call someone who modifies devices to do things they weren't designed to do, or writes quick and dirty computer code?

    We still call ourselves hackers, and revel in the thrill that outsiders think we are elite master cyber-criminals who get blowjobs while typing quickly on our keyboards, like in that film with Halle Berry.

    --
    To have a right to do a thing is not at all the same as to be right in doing it