AT&T acknowledged on Wednesday that a security hole in its Web site had exposed the email addresses of some iPad owners.
A group of computer experts that calls itself “Goatse Security” claimed to have exploited the AT&T Web site using part of an HTTP request, triggering a script which would return the associated email address using an AJAX-style response within the Web application.
It’s important to note that the breach won’t effect iPad owners who have not signed up for AT&T 3G wireless service for their iPads and that it does not appear that any financial or billing data was exposed.
Gawker Media first reported the breach Wednesday and AT&T sent a response to Gawker on the incident:
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T. We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”
Through the breach, the Goastse group claimed to uncover over 114,000 email addresses of of iPad customers, including government officials, business executives, and the military, including William Eldredge, commander of a B-1 bomber group for the U.S. Air Force. Gawker reported that White House Chief of Staff Rahm Emanuel was on the list as well.

More from SecurityWeek News
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off
- SecurityWeek to Host Cyber AI & Automation Summit
- US Marks 22 Years Since 9/11 Terrorist Attacks
- In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach
- Webinar Today: Scaling Software Supply Chain Security
- In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
