Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Leaks Emails Addresses of 114,000 iPad Users

Posted by samzenpus on from the sieve-security dept.

Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"

3 of 284 comments (clear)

  1. Re:Goatse? Really? by Ethanol-fueled · · Score: 5, Informative

    For those of you who don't get it, Goatse Security is a division of the great Gay Niggers Association of America.

    I'm not fucking joking.

    Additionally, this may be a Slashdot first: The GNAA first post is actually the article itself.

  2. Re:Goatse? Really? by morgan_greywolf · · Score: 5, Informative

    Ummmm...apparently, actually true. It really is a division of the GNAA. Makes me wonder how accurate this story is.

    --
    My blog
  3. Re:Bad joke by aliquis · · Score: 5, Informative

    Personuppgiftslagen / personal data law

    Google translation (enhanced by hand ..)

    Safety measures
    31 The liable data manager must take appropriate technical and organizational measures to protect the personal data processed. These measures must achieve a level of security that is appropriate with regard to

    a) the technical options available,
    b) what it would cost to implement the actions;
    c) the specific risks involved in the processing of personal data, and
    d) how sensitive the treated personal information is.

    When the liable data manager uses a personal data assistant, the liable data manager must ensure that the personal data assistant can implement the security measures required and ensure that the personal data assistant actually take those measures.

    The regulatory authority may decide on security measures.