AT&T website scraped to reveal iPad 3G owners' email addresses
One hundred and fourteen thousand.
Of course, since the script attack was shared around before AT&T closed the hole, the total number of scraped accounts could be much higher -- possibly up to the total number of iPad 3Gs activated with the carrier. There's no way to know at the moment.
What's particularly stinging about the data scraping is that many of the email addresses appear to be associated with high-profile government or industry iPad buyers. As the Washington Post reported this week, the Apple tablet is a fairly common accessory among White House staff; it looks like chief of staff Rahm Emanuel's email is among the ones discovered, and there are plenty of addresses ending in .mil as well.
As for individuals? Well, in this case we defer to the experts on Apple device security -- or lack thereof -- at Gizmodo: no, you probably don't have much to worry about. It may be a good idea to register devices with a secondary/free email address, just to cut down on spam, but otherwise there aren't really any preventative steps to be taken here.
We've emailed both Apple and AT&T for comment on this story. The statement from Mark Siegel, AT&T's executive director of media relations, is as follows:
"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
Updated to correct number of affected accounts.
While there's no specific security risk associated with the pairing of ICC-ID and the email address of a subscriber -- other than the...
Well, here's what happened when I bought my iPad, they set up my email there in the store and by the time I got home, someone had hacked into my acct. And sent emails to all my contacts saying I was in Spain and needed 2,000 sent to me asap. Then they changed my password so I could not access my acct. I have been emailing the microsoft.live customer service every day since it happened, which was May 14, and STILL do not have access to my account!!!!
June 11 2010 at 9:05 AM
What's wrong with people using primary email addresses for registration? MULTIPLE ADDRESSES, people. I have one for buying on the web, one for registering any hardware/software, I have one for travel (hotels, airlines, orbitz, priceline).
Not only does this minimize SPAM into my real mailbox, it puts me in the "I don't care" column on the data leak of the week story.
Now if I could only get people to stop forwarding me webcrap (especially without using BCC), I'd have it made.
I have noticed spam suddenly since buying iPad 3G. Sigh.
June 10 2010 at 12:08 AM
I love Steve and he rightfully speaks up about Flash and how it gives a lot of Mac users fits. But here is something he should be up all night about. He should be getting Apple's platoon of lawyers on this pronto. Yes, AT&T and Apple have a contract but, I suspect AT&T is failing on their end of the deal.
Talk about "tethering". Apple and AT&T are joined at the hip and this reflects on Apple and tarnishes the luster of the product and its capabilities. Apple needs to shed the Achilles heel that is AT&T. Everyone I know that has an iPhone says they love it "but....". Apple with AT&T is like 13" tires on a Bugatti Veyron. It's like a governor on a Ducati 1098.
I'm getting a HTC Desire with US Cellular. Why? I am not about to jump to AT&T and let my lust for an iPhone cloud my judgement/common sense.
Come on Steve, time to do the right thing here and go with Verizon.
Not only are there possible contract issues, but also the Verizon format. When Verizon upgrades its system to the next generation then the iPhone might be available on Verizon; probably next year.
June 10 2010 at 1:02 AM
Why do you say 144,000 when Gizmodo and Engadget both say it was 114,000 emails?
June 09 2010 at 10:49 PM
This is why Steve wanted everybody's MiFi off.
June 09 2010 at 8:25 PM
I'm starting to think the "A" in "AT&T" stands for "Agarn." Can they do anything right?
Ha, their sites have been pretty vulnerable to stuff like this for some time. We were able to get a decent amount of info when the iPhone 3g was backordered at AT&T stores when it came out.
An entire list of everyone also ordering from your store including last names usually.