
AT&T Leaks Emails Addresses of 114,000 iPad Users 284

Posted by samzenpus
from the sieve-security dept.
Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"
This discussion has been archived. No new comments can be posted.
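
As an added illustration (not code from AT&T, Goatse Security or the cited articles), the sketch below contrasts a lookup that answers any caller for any ICC-ID, as the summary describes, with one scoped to the authenticated subscriber, plus a log check for a single client asking about many distinct ICC-IDs. All function names, ICC-IDs, addresses, session tokens and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: ICC-ID -> subscriber email (not real values).
SUBSCRIBERS = {
    "89014100000000000011": "alice@example.com",
    "89014100000000000029": "bob@example.com",
}
# Constructed session store: session token -> the ICC-ID that account owns.
SESSIONS = {"tok-alice": "89014100000000000011"}


def lookup_exposed(icc_id):
    """Behaviour described in the summary: any caller, any ICC-ID."""
    return SUBSCRIBERS.get(icc_id)


def lookup_scoped(session_token, icc_id):
    """Return the email only to the authenticated owner of that ICC-ID."""
    owned = SESSIONS.get(session_token)
    if owned is None or owned != icc_id:
        # Same answer for no session, wrong owner and unknown ID, so the
        # response does not confirm which ICC-IDs exist.
        return None
    return SUBSCRIBERS.get(icc_id)


def flag_enumerators(requests, max_distinct=3):
    """Flag clients that query more distinct ICC-IDs than one subscriber
    plausibly owns. `requests` is an iterable of (client_ip, icc_id)."""
    seen = defaultdict(set)
    for client, icc_id in requests:
        seen[client].add(icc_id)
    return sorted(c for c, ids in seen.items() if len(ids) > max_distinct)


# Constructed request log: one client walks ten ICC-IDs, another repeats its own.
REQUEST_LOG = (
    [("198.51.100.7", f"8901410000000000{n:04d}") for n in range(10, 20)]
    + [("203.0.113.5", "89014100000000000011")] * 4
)

if __name__ == "__main__":
    print(lookup_exposed("89014100000000000029"))              # leaks to anyone
    print(lookup_scoped("tok-alice", "89014100000000000029"))  # refused
    print(flag_enumerators(REQUEST_LOG))
```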

  • Re:Goatse? Really? (Score:5, Informative)

    by Ethanol-fueled (1125189) * on Wednesday June 09, 2010 @10:07PM (#32519150) Homepage Journal
    For those of you who don't get it, Goatse Security is a division of the great Gay Niggers Association of America.

    I'm not fucking joking.

    Additionally, this may be a Slashdot first: The GNAA first post is actually the article itself.
  • Re:Bad move, Apple (Score:5, Informative)

    by Red Flayer (890720) on Wednesday June 09, 2010 @10:23PM (#32519278) Journal

    I sometimes wonder why Apple hasn't moved away from its exclusive relationship with AT&T.

    Contractual obligations. Here [engadget.com]'s some info.

    Basically, Apple signed a five-year deal in 2007 because they badly needed a carrier who was willing to sink many millions into the release.

    Here's the thing that sucks for early adopters: If you bought in '07, you had to sign a two-year deal with AT&T. Par for the course for a phone the way we've got it structured in the US. But after your two years are up, you'd still be stuck with AT&T for another three years due to the 5-year deal they have with Apple. Either that, or jailbreak your phone, etc.

    Practically, though, the extra three years are no big deal for the early adopters... surely most of them would move onto a new phone after two years, since they are early adopters.

  • Re:Goatse Security (Score:0, Informative)

    by Anonymous Coward on Wednesday June 09, 2010 @10:59PM (#32519494)

    Apple users are used to having their anuses stretched open, both by Apple and by other men. It makes sense that Goatse Security would be the group to gain access to their personal information.

  • Cough (Score:3, Informative)

    by way2trivial (601132) on Wednesday June 09, 2010 @11:03PM (#32519524) Homepage Journal

    http://www.citrix.com/English/ps2/products/product.asp?contentID=1689163 [citrix.com]

    "Citrix makes it easy to use enterprise applications, including Windows applications, on your iPhone, Blackberry, Android and Windows mobile devices on-demand."

  • Re:Bad joke (Score:4, Informative)

    by OrangeCatholic (1495411) on Wednesday June 09, 2010 @11:12PM (#32519574)

    >A computer security consultant was convicted in the UK for typing "/../../" after a URL and hitting enter

    Wow I just realized what that does.

    That's about the lowest definition of "hacking" you can possibly have. It's more like basic literacy.

  • Re:Goatse? Really? (Score:5, Informative)

    by morgan_greywolf (835522) on Wednesday June 09, 2010 @11:23PM (#32519652) Homepage Journal

    Ummmm...apparently, actually true [goatse.fr]. It really is a division of the GNAA. Makes me wonder how accurate this story is.

  • Re:Bad joke (Score:5, Informative)

    by aliquis (678370) <dospam@gmail.com> on Wednesday June 09, 2010 @11:29PM (#32519670) Homepage

    Personuppgiftslagen / personal data law [riksdagen.se]

    Google translation (enhanced by hand ..)

    Safety measures
    31 The liable data manager must take appropriate technical and organizational measures to protect the personal data processed. These measures must achieve a level of security that is appropriate with regard to

    a) the technical options available,
    b) what it would cost to implement the actions;
    c) the specific risks involved in the processing of personal data, and
    d) how sensitive the treated personal information is.

    When the liable data manager uses a personal data assistant, the liable data manager must ensure that the personal data assistant can implement the security measures required and ensure that the personal data assistant actually takes those measures.

    The regulatory authority may decide on security measures.

  • Re:Doesn't Matter (Score:3, Informative)

    by sootman (158191) on Wednesday June 09, 2010 @11:49PM (#32519782) Homepage Journal

    Was the summary tl;dr for you? And for everyone who modded you up?

    Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads. [emphasis added]

  • Re:Bad joke (Score:3, Informative)

    by negRo_slim (636783) <mils_oRgen@hotmail.com> on Thursday June 10, 2010 @01:08AM (#32520194)

    There was no need to retrieve over 100,000 addresses before notifying AT&T nor was there any need to share the gaping security hole with others as was also done.

    http://security.goatse.fr/ [goatse.fr]

  • Re:Goatse? Really? (Score:1, Informative)

    by Anonymous Coward on Thursday June 10, 2010 @03:02AM (#32520752)

    > The sad truth of the matter is that even idiots get lucky eventually.

    They've also found holes in Safari and Firefox, actually.

    If you think this story was bad, you should've seen some of the others in the Firehose. Nothing but bad puns based on gaping holes.

  • Re:Doesn't Matter (Score:1, Informative)

    by Anonymous Coward on Thursday June 10, 2010 @09:53AM (#32522910)

    I did, did you use your brain or just accept what the douchebags at gawker said as fact?

    So, by their and your account, if I decide to sell my product exclusively at a store, and you use a credit card, and said credit card number is stolen, it's my fault and not the store's?

    Better analogy, an HTC phone is available only at Verizon, so to get this phone I have to subscribe to Verizon's service. To do this, I have to give up personal information and a credit card. Once again, someone gains access to my personal information through a data breach at Verizon, it's HTC's responsibility?

    Complete bullshit to you, sir.

  • Re:Bad joke (Score:5, Informative)

    by tehcyder (746570) on Thursday June 10, 2010 @10:31AM (#32523294) Journal

    Since the meaning of "hacker" has changed from "someone who modifies devices to do things they weren't designed to do, or writes quick and dirty computer code" to "electronic burglar", who do we now call someone who modifies devices to do things they weren't designed to do, or writes quick and dirty computer code?

    We still call ourselves hackers, and revel in the thrill that outsiders think we are elite master cyber-criminals who get blowjobs while typing quickly on our keyboards, like in that film with Halle Berry.
