Massive AT&T Breach Exposes A-Listers' iPad Data
A huge AT&T security breach has put more than 100,000 iPad owners at risk.
Gawker's Ryan Tate writes that based on information he received from a Web security firm, 114,000 people, some of them big name executives and government officials, are affected by an AT&T security breach.
Tate reports that a group called Goatse Security obtained subscriber data through a script on AT&T's website. All that was required was the iPad's ICC-ID (integrated circuit card identifier), the unique number attached to each subscriber's SIM card:
"Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC-IDs by looking at known iPad 3G ICC-IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.
To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such header identify users' browser types to websites."
Though the firm warned AT&T of the vulnerability, Goatse wrote a PHP script to harvest the data and this was shared with third-parties before AT&T closed the security hole. A member told Gawker it's likely many accounts beyond the 114,000 have been compromised because it isn't known whose hands the exploit fell into and what they did with the names they obtained.
The breach is said to have exposed "the most exclusive email list on the planet" as early adopters of the Apple tablet include A-listers in finance, politics and media. Among the 114,000 are NYT CEO Janet Robinson, Harvey Weinstein, Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel and Diane Sawyer of ABC News.
- DRM: Is Steamworks The Way to Go?
- Google Update Promises 50% Fresher Results
- We May Know Valve's Big Super Secret
- Boy Saves Sister From Moose Using WoW Skills
- iPhone 4: Who Needs the iPad Now?
- Educational Math-Based FPS Ignites Protest
- Google Gives HP Printers Own Email Addresses
- VIDEO: This Lian Li Spider Case Actually Moves
- Will BIOS Be Dead in 3 Years?
- QOTD: Does Your Child Have a Cell Phone? Why?
- Toshiba Unleashes 2.5'' HDDs with 10K RPM
- MSI's GT660 Gaming Notebook Gets Spec'd
- Crysis 2 Beta Program Announced
- Foxconn Considering Moving Production to Taiwan
- VIDEO: First StarCraft II TV Commercial (Hotness)
- Windows 7 Vulnerable to Memory Attack
- Team Fortress 2 50% Off, Free to Play at Weekend
- MSI Ships 17'' GX740 with Radeon 5870, Core i7
So is that classed as stealing the data?
Goatse investigating holes of another kind then...nice to see some things stay the same.
I lol'd so hard.
But nevermind, they're only iPad owners.
guess the security had a gaping hole