AT&T e-mail apologizes for iPad breach

AT&T sent an e-mail to iPad owners Sunday explaining a security breach that occurred on its site and laying much of the blame with the group that discovered the hole.

The e-mail, which was signed by AT&T Chief Privacy Officer Dorothy Attwood, blamed “self-described hackers” for uncovering a hole in the company’s Web site that allowed for the exposure of 114,000 e-mail addresses belonging to iPad owners, according to a copy posted on Boy Genius Report. Among the iPad users who appeared to have been affected were White House Chief of Staff Rahm Emanuel, journalist Diane Sawyer, New York Mayor Michael Bloomberg, movie producer Harvey Weinstein, and New York Times CEO Janet Robinson.

In the e-mail, which explains how the breach occurred, Attwood apologized and said “unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service”:

The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad–called the integrated circuit card identification (ICC-ID)–and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen. 

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

 

A group called Goatse Security uncovered the hole by sending HTTP requests to AT&T’s site that included SIM card serial numbers for iPads. Because the serial numbers, called ICC-IDs (integrated circuit card identifiers), are generated sequentially, the researchers were able to guess thousands of them and then ran a program to extract the data by going down the list. A spokesman for AT&T said the company turned off the feature that provided e-mail addresses on Tuesday, one day after learning of the problem from someone not affiliated with the hacker group.
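
The access pattern described above, seen from the server side, as an added example that is not part of the original article or AT&T's code: a detector that flags any client requesting the pre-populated log-in page for many distinct ICC-IDs in a short window, since a real iPad only ever asks about its own SIM. The log format, the `/login` path, the `ICCID` parameter name and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (not real traffic): time, client, request target, status.
# The /login path and the ICCID parameter name are assumptions for illustration.
SAMPLE_LOG = """\
2010-06-05T10:00:00 203.0.113.10 /login?ICCID=89014100000000000017 200
2010-06-05T10:00:01 198.51.100.7 /login?ICCID=89014100000000000100 200
2010-06-05T10:00:02 198.51.100.7 /login?ICCID=89014100000000000101 200
2010-06-05T10:00:03 198.51.100.7 /login?ICCID=89014100000000000102 200
2010-06-05T10:00:04 198.51.100.7 /login?ICCID=89014100000000000103 200
2010-06-05T10:00:05 198.51.100.7 /login?ICCID=89014100000000000104 200
2010-06-05T10:05:00 203.0.113.10 /login?ICCID=89014100000000000017 200
2010-06-05T10:10:00 192.0.2.44 /login?ICCID=89014100000000000200 200
2010-06-05T10:40:00 192.0.2.44 /login?ICCID=89014100000000000201 200
2010-06-05T11:10:00 192.0.2.44 /login?ICCID=89014100000000000202 200
2010-06-05T11:40:00 192.0.2.44 /login?ICCID=89014100000000000203 200
"""

def parse_line(line):
    """Split one log line into (timestamp, client, ICC-ID or None)."""
    ts, client, target, _status = line.split()
    iccid = parse_qs(urlsplit(target).query).get("ICCID", [None])[0]
    return datetime.fromisoformat(ts), client, iccid

def find_enumerators(log_text, max_distinct=3, window=timedelta(minutes=5)):
    """Return {client: peak distinct ICC-IDs} for clients that requested more
    than max_distinct different ICC-IDs inside one sliding time window."""
    recent = defaultdict(deque)   # client -> (timestamp, iccid) pairs in window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, iccid = parse_line(line)
        if iccid is None:
            continue              # request did not carry an ICC-ID
        seen = recent[client]
        seen.append((ts, iccid))
        while ts - seen[0][0] > window:
            seen.popleft()        # drop requests that fell out of the window
        distinct = len({i for _, i in seen})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

if __name__ == "__main__":
    for client, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct ICC-IDs within 5 minutes")
```

A slow walker such as the third sample client stays under a five-minute window, so the same function should also be run with a window of hours or days.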

The FBI announced on Thursday it had launched an investigation into the situation after learning that numerous U.S. government officials were among the many executives and luminaries that had their e-mail addresses exposed.
