AT&T acknowledged on Wednesday that a security hole in its Web site had exposed the email addresses of some iPad owners.
A group of computer experts that calls itself “Goatse Security” claimed to have exploited the AT&T Web site using part of an HTTP request, triggering a script which would return the associated email address using an AJAX-style response within the Web application.
It’s important to note that the breach won’t effect iPad owners who have not signed up for AT&T 3G wireless service for their iPads and that it does not appear that any financial or billing data was exposed.
Gawker Media first reported the breach Wednesday and AT&T sent a response to Gawker on the incident:
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T. We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”
Through the breach, the Goastse group claimed to uncover over 114,000 email addresses of of iPad customers, including government officials, business executives, and the military, including William Eldredge, commander of a B-1 bomber group for the U.S. Air Force. Gawker reported that White House Chief of Staff Rahm Emanuel was on the list as well.

More from SecurityWeek News
- Threat Hunting Summit Virtual Event NOW LIVE
- Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone
- Threat Modeling Firm IriusRisk Raises $29 Million
- SentinelOne Announces $100 Million Venture Fund
- Today: 2022 CISO Forum Virtual Event
- Cymulate Closes $70M Series D Funding Round
- SecurityWeek to Host CISO Forum Virtually September 13-14, 2022: Registration is Open
- Privilege Escalation Flaw Haunts VMware Tools
Latest News
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
