AT&T apologises for iPad hack

Pocket-lint

By Ben Crompton

Published Jun 14, 2010

US mobile phone operator AT&T has apologised to customers for a security breach which left iPad emails exposed.

The breach was thanks to a loop-hole on AT&T's site and exploited by a group called Goatse Security who reported the issue to Gawker.com, leading many to believe publicity was the motivation.

The apology has been delivered in the form of a letter to customers from Dorothy Attwood, the chief privacy officer at AT&T, who goes some way to try and explain the breach which saw over 100,000 email addresses visible.

“On June 7 we learned that unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already
populated on the log-in screen".

"The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity. As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses".

"Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password".

AT&T has told those affected that they can "continue to use [their] AT&T 3G service on [their] iPad with confidence", but whether that will be enough to reassure customers, especially considering the breach was so serious the FBI are to investigate it, is yet to be
seen.

Still happy to use your iPad on AT&T? Let us know your thoughts in the comments below.