AT&T Security Hole Revealed Email Addresses Of iPad Owners
from the whoops dept
Apparently, a security vulnerability in the way AT&T set up its network allowed hackers to capture the email addresses of 114,000 iPad owners. The breach was pretty basic stuff: if you fed an iPad ID number to a script that was publicly available on AT&T’s website, it returned to you the email address associated with that ID. The hackers quickly set to testing out tons of likely IDs, and got back all those email addresses, including those of top execs at a bunch of big media companies, such as the CEO of the NY Times, CEO of Time, Inc., the President of News Corp, the CEO of Dow Jones and New York City mayor Bloomberg. Oh yeah, also a bunch of government emails: “Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others.” AT&T issued the expected “oops” statement soon after this was exposed.
Filed Under: email addresses, ipad, security hole
Companies: at&t
Comments on “AT&T Security Hole Revealed Email Addresses Of iPad Owners”
This is why I am a PC and don’t own the iCrap.
Re: Re:
Um… So vunerability on AT&T’s website = Apple Sucks!
Am I missing something here… ? (cough troll)
What? A blog broke this story? Not the New York Times? I’m so confused.
Re: Re:
What? A blog broke this story? Not the New York Times? I’m so confused.
The group that exploited the security hole basically gave them the story directly. Why them and not, say, the NYT? Maybe the more “instant” exposure. Maybe the tech focus. Or maybe, given Gawker Media’s recent history, the biggest paycheck for the information.
The writeup is suitably histrionic. Some email addresses got harvested, but repeatedly the article states that information or accounts were “compromised.” Yeah, and I walked down Main Street, wrote down the numbers on the houses, and “compromised” those houses too. My email address is on my Website, if you care to write me. I guess my email account is now “compromised” also.
Here’s another big secret that could lead to a major breach: many companies use the form “first initial-last name@example.com” as the format of their email addresses. Some even use First.M.Last@example.com!
OH NOES I HAVE COMPROMISED THE ACCOUNTS OF MILLIONS!
Re: Re: Re:
http://www.nytimes.com/2010/06/10/technology/10apple.html?ref=technology
But experts said that ICC-ID numbers could, in the right hands, be used to get other information, like an iPad’s location.
The breach “should be worrying people a lot,” said Nick DePetrillo, an independent security consultant.
Michael Kleeman, a communications network expert at the University of California, San Diego, said that AT&T should never have stored the information on a publicly accessible Web site. But he added that the damage was likely to be limited.
“You could in theory find out where the device is,” Mr. Kleeman said. “But to do that, you would have to gain access to very secure databases that are not generally connected to the public Internet.”
Re: Re: Re: Re:
But experts say that Street Addresses could, in the right hands, be used to get other information, like a phone number.
An independent security consultant tells everyone they should be worried – a lot.
Its all fun and games until someone puts an eye out.
Re: Re: Re:
My email address is on my Website, if you care to write me. I guess my email account is now “compromised” also.
Exactly right… except for the fact that the email addresses that Apple collected were not intended for public distribution. If you want to give out your email address to the world then that’s your decision. No one else should make that decision for you.
But since you obviously don’t mind people knowing your private contact information, may I have your cell number too? Just leave it here in this thread and I’ll write it down later. Thanks.
Re: Re: Re: Re:
FYI – Email – not secure. Email addresses can be randomly “discovered” pretty easily. It’s an address, they are public intentionally.
The only breach of much significance I see is the hackers have managed to connect the Id of a bunch of iPads to the actual users. Assuming you can capture the ID of the iPad when it connects to a network or to the internet, this could be a bit of an issue that makes it reasonably possible to connect some activity to a person.
The other news item here is that AT&T was completely incompetent in making this possible. Oh wait, their incompetency is not much of a surprise.
Re: Re: Re:2 Re:
Sure, email addresses are public by themselves (just as phone numbers and home addresses), but meaningless without an association with a person. The association between a person and an email address is not intended to be public knowledge unless the person decides to make that information available.
hollywood is now in state of RED ALERT
all there toys are comprimised OOOOHHH NOOO
the information gleened will tell a tale of [how many exploited] morons
guess not having me the user choose better security is well haha on you apple
hhahaahahaaa
The List
Hackers: So now we have a list of 114k hipster-suckers!
unlock at&t
unlock at&t