AT&T Leaks Email Addresses of 114,000 iPad Users

Posted by samzenpus
from the sieve-security dept.
Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"
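
The flaw the summary describes is a lookup that answers to anyone who supplies an ICC-ID. Seen from the defender's side, as an added example that is not code from AT&T or the story: the lookup bound to the logged-in account, plus a log check that flags one client asking about many distinct ICC-IDs. The `/lookup` path, `iccid` parameter, log format, account names and threshold are all hypothetical.

```python
import re
from collections import defaultdict

# Hypothetical log format, path and parameter name (assumptions, not AT&T's).
LINE = re.compile(
    r'^(?P<ip>\S+) "GET /lookup\?iccid=(?P<iccid>\d{19,20}) HTTP/1\.1" \d{3}$'
)

def authorized_lookup(session_account, iccid, subscribers):
    """Return the email only if the ICC-ID belongs to the logged-in account."""
    record = subscribers.get(iccid)
    if session_account is None or record is None:
        return None
    if record["account"] != session_account:
        return None  # same answer as "unknown": the endpoint is no oracle
    return record["email"]

def find_enumerators(lines, max_distinct=3):
    """Map client IP -> distinct ICC-IDs queried, for clients over the limit."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if m:
            seen[m["ip"]].add(m["iccid"])
    return {ip: len(ids) for ip, ids in seen.items() if len(ids) > max_distinct}

# Constructed sample data: 19-digit identifiers, documentation IP ranges.
ICCID_A, ICCID_B = f"89{1:017d}", f"89{2:017d}"
SUBSCRIBERS = {
    ICCID_A: {"account": "acct-1", "email": "alice@example.com"},
    ICCID_B: {"account": "acct-2", "email": "bob@example.com"},
}
SAMPLE_LOG = [f'203.0.113.5 "GET /lookup?iccid={ICCID_A} HTTP/1.1" 200'] * 2 + [
    f'198.51.100.7 "GET /lookup?iccid=89{n:017d} HTTP/1.1" 200'
    for n in range(100, 140)
]

if __name__ == "__main__":
    print(authorized_lookup("acct-1", ICCID_A, SUBSCRIBERS))  # owner gets the email
    print(authorized_lookup("acct-2", ICCID_A, SUBSCRIBERS))  # other account gets None
    print(find_enumerators(SAMPLE_LOG))  # only the client sweeping ICC-IDs
```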

  • Bad joke (Score:5, Funny)

    by girlintraining (1395911) on Wednesday June 09, 2010 @09:58PM (#32519080)

    Wait, the iPad suffered a leak? That's why you always buy pads with wings. (groan)

    • by ZosX (517789) <zosxavius@gmTWAINail.com minus author> on Thursday June 10, 2010 @12:59AM (#32520136) Homepage

      I don't think there is a pad big enough! I mean have you seen the goatse guy?!

  • by ewoods (108845) on Wednesday June 09, 2010 @10:00PM (#32519088)

    Ok, "goatse" in a story, followed by a link... Is anyone really going to click it without hesitation?

  • by Zalgon 26 McGee (101431) on Wednesday June 09, 2010 @10:02PM (#32519112)

    AT&T making a technical goof. That _is_ news.

  • by Anonymous Coward on Wednesday June 09, 2010 @10:03PM (#32519122)

    Who is in charge of that? Ben Dover?

  • Oh well... (Score:5, Insightful)

    by PopeRatzo (965947) * on Wednesday June 09, 2010 @10:05PM (#32519138) Homepage Journal

    Accidents happen.

    Does anyone think this will cost AT&T anything? Not when you've let the NSA use your phone system for illegal wiretaps.

    That was the quid and things like this are the quo.

    • by Ilgaz (86384) on Wednesday June 09, 2010 @10:27PM (#32519292) Homepage

      I couldn't imagine why a telco would need a user's mail address, or how on earth it trusts the user-entered mail address.

      I also wonder if the infrastructure was using http or httpS for that communication, you know while collecting user mail addresses for some (??) reason.

      You know what? It should be Apple protesting this massive leak in the first place. Didn't they declare a monopoly on location-based advertising "to protect user privacy"? Eh, mail addresses with some organization that named itself "goatse", could anything worse happen?

  • by holophrastic (221104) on Wednesday June 09, 2010 @10:09PM (#32519170)

    I'm not a consumer, and least of all a gadget one. I'm a business guy and I like business toys. And when I buy a business toy, I consider the brand and the source, and almost always pay more to get the better source -- especially when the product/service is otherwise identical.

    But when have you seen a consumer choose to buy an iPad from a source that's $10 more expensive than another they've found? Anyone here have friends who choose to pay more? Anyone have friends who chose an iPad from not AT&T because they actually thought about the AT&T factor? I'd bet otherwise.

  • by rastoboy29 (807168) on Wednesday June 09, 2010 @10:13PM (#32519196) Homepage
    /me predicts ipad users being offered many, many ipad-relevant super deals in their email in the next few days.

    I'm sure they won't mind!
  • by beaverdownunder (1822050) on Wednesday June 09, 2010 @10:14PM (#32519198)
    Besides revealing the e-mail addresses of a number of prominent PUBLIC figures (emphasis on the word PUBLIC) it's just another spam list. Whoopee...
  • by Saeed al-Sahaf (665390) on Wednesday June 09, 2010 @10:16PM (#32519222) Homepage

    Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed.

    Is it? Is it really? Or is this just Gawker being Gawker and making things up? Emails, folks. That's it. Emails. You're on some public list already, emails are not "confidential".

  • Gawker doesn't suggest that "every iPad owner in the US" may have been exposed. It says every iPad 3G owner may have been exposed. I don't think that's splitting hairs, either, given the short time the 3G model has been available. Things are bad enough without making them seem worse.

  • No way. (Score:2, Funny)

    by Anonymous Coward on Wednesday June 09, 2010 @10:18PM (#32519246)

    The last thing that comes to my mind when I think goatse is security. That guy can't secure shit.
    And trust me, I've thought about a lot of things while viewing / thinking of goatse... And security was definitely the last because I read an article about it on some site.

  • Thank you... (Score:4, Insightful)

    by xgadflyx (828530) * <james,montgomery&gmail,com> on Wednesday June 09, 2010 @10:37PM (#32519342) Homepage Journal
    Thank you Slashdot for not running the sensationalist headline found on that other "tech" blog. Kudos to you for calling it what it is - an AT&T security breach.
  • by Anonymous Coward on Wednesday June 09, 2010 @10:43PM (#32519380)

    I'm surprised nobody else has commented how offensive it is that the group that found the leak published the email addresses. By all means publish the fact of the breach, get pie on AT&T's face, but why punish the users? That's just mean.

  • by dancornell (95530) on Wednesday June 09, 2010 @10:49PM (#32519434) Homepage

    This is certainly a high-profile breach, but not apparently immediately catastrophic. However, it does provide a number of lessons for organizations and developers building smartphone applications (iPhone, iPad, Android, Blackberry, Windows Mobile, etc.). All of the issues with the AT&T/Apple infrastructure for the iPad are known web application security issues. Smartphone developers need to learn from the past or they are going to repeat the mistakes of web application and AJAX/RIA application developers.

    I put together some more in-depth comments here:
    4 Lessons From the AT&T/Apple Data Breach for Smartphone App Developers [denimgroup.com]

    --Dan
    @danielcornell

    • by Tumbleweed (3706) * on Thursday June 10, 2010 @12:07AM (#32519864)

      This is certainly a high-profile breach, but not apparently immediately catastrophic.

      When you consider that some of this information belongs to people with *.mil email addresses, I think you're underestimating the shit storm that is about to be (well, SHOULD be) unleashed on AT&T and Apple.

      On the bright side for Apple users, perhaps Apple can use this to break their exclusivity deal with AT&T? Perhaps Apple will learn the value of 'due diligence' before signing contracts in the future.

  • by mad.frog (525085) <steven@crinkli[ ]com ['nk.' in gap]> on Wednesday June 09, 2010 @11:09PM (#32519554)

    ...just imagine how much worse it would have been if those iPads had Flash installed...

  • by Beelzebud (1361137) on Wednesday June 09, 2010 @11:19PM (#32519622)
    HAHAHAHAHAHAHAHAHA!

    That is truly funny coming from the company that hosts NSA spy rooms.
  • by rat7307 (218353) on Wednesday June 09, 2010 @11:59PM (#32519820) Homepage

    Now we know who to block to avoid those douche "Sent from my iPad" email footers

    I have taken to replying to ANY of these with a "Sent from my Combine Harvester" or similar thing back.

    We don't care about your toy. And while we are at it, do you have to mention your iPad in every tweet and email? sheesh.

    Sorry. Been a long day.

  • by AHuxley (892839) on Thursday June 10, 2010 @12:01AM (#32519826) Homepage Journal
    Your telco just loves to help anyone that takes the time to request your data in bulk.
    You had MS Sidekick data loss, Amazon 1984 data removal, Room 641A, Google's data collection, now iPad email gape.
    Time to buy a Dell Streak, install Ubuntu and float on the Canonical cloud.
    You will be safe from all but SCO as you hunt for a telco that takes customer security very seriously.
  • by Stiletto (12066) on Thursday June 10, 2010 @12:38AM (#32519992)

    'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"

    A classic textbook non-response from a corporation's P.R. machine. A guide, for those unfamiliar with the terminology:

      * "We continue to..." / "We are continuing..." - Translation: We're not doing a thing

      * "investigate" - Translation: To lawyer-up and get paperwork straight for a lawsuit

      * "may have" - Translation: "did"

      * "been obtained" - Translation: given out by us through incompetence

      * "We take XYZ very seriously" - Translation: It only comes up in meetings when emergencies happen

      * "we have fixed this problem" - Translation: We fired the employees who told us this problem would happen

      * "we apologize" - Translation: We admit no legal wrongdoing

      * "customers who were impacted" - people who paid us for the pleasure of a good corporate rogering

    Why anyone even reads press releases by companies anymore, one can only guess. You'll hear those catch phrases in every one.

  • by KarlIsNotMyName (1529477) on Thursday June 10, 2010 @02:14AM (#32520510)

    Has the Internet really been around long enough to have bigger leaks than this before its "recent history"?

  • by Dr. Spork (142693) on Thursday June 10, 2010 @05:40AM (#32521478)
    Look in your spam box. Your email address has been leaked to V1agra merchants and worse, a million times over, whether you're an iPad user or not. Let's not act like these were some sort of unsoiled email addresses that have now been deflowered. There are no such things on the internet. Yeah, I don't want these jerks knowing what kind of gear I own, but in the big picture, I'd say that these people need a good spam blocker this week, and they needed it last week too.
