I have to assume I’m in this group: I have an iPad 3G, and an AT&T data plan for it1
AT&T Inc. acknowledged Wednesday that a security hole in its website had exposed iPad users’ email addresses, a breach that highlights how corporations still have problems protecting private information.
A small group of computer experts that calls itself Goatse Security claimed responsibility for the intrusion, saying they exploited an opening in AT&T’s website to find numbers that identify iPads connected to AT&T’s mobile network.
Those numbers allowed the group to uncover 114,000 email addresses of thousands of users, including prominent officials in companies, politics and the military, Goatse said. Gawker Media LLC, which reported the breach earlier Wednesday, said 114,000 email addresses were revealed. It doesn’t appear any financial or billing information was made public.
AT&T, the sole U.S. provider of wireless service for the Apple Inc. tablets, said it had fixed the security problem by Tuesday. It said it would inform all customers whose email addresses and iPad IDs may have been obtained.
(click to continue reading AT&T Discloses IPad Security Breach – WSJ.com.)
What I don’t know is what Goatse did with the data – are they planning on selling it to spammers? Or use it to compromise our email accounts in some way? My passwords are firewalled – i.e., I have different passwords for different websites, but no password is invulnerable to a determined hacker. Maybe AT&T will take a PR-friendly response, and offer a years worth of identity-theft monitoring for their customers?
Footnotes:- plus my surname begins with the letter A – which was fine in school, not so good always [↩]