CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

AT&T Exposes iPad Customer Data

AT&T acknowledged on Wednesday that a security hole in its Web site had exposed the email addresses of some iPad owners.

A group of computer experts that calls itself “Goatse Security” claimed to have exploited the AT&T Web site using part of an HTTP request, triggering a script which would return the associated email address using an AJAX-style response within the Web application.

AT&T acknowledged on Wednesday that a security hole in its Web site had exposed the email addresses of some iPad owners.

A group of computer experts that calls itself “Goatse Security” claimed to have exploited the AT&T Web site using part of an HTTP request, triggering a script which would return the associated email address using an AJAX-style response within the Web application.

It’s important to note that the breach won’t effect iPad owners who have not signed up for AT&T 3G wireless service for their iPads and that it does not appear that any financial or billing data was exposed.

Gawker Media first reported the breach Wednesday and AT&T sent a response to Gawker on the incident:

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T. We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”

Advertisement. Scroll to continue reading.

Through the breach, the Goastse group claimed to uncover over 114,000 email addresses of of iPad customers, including government officials, business executives, and the military, including William Eldredge, commander of a B-1 bomber group for the U.S. Air Force. Gawker reported that White House Chief of Staff Rahm Emanuel was on the list as well. 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.