dslreports logo
 story category
AT&T Security Hole Allows For iPad Owner Data Theft
AT&T says they've closed website hole...

According to Valleywag, a security hole on AT&T's website allowed hackers to obtain the e-mail addresses of 114,000 owners of 3G Apple iPads, including "dozens of CEOs, military officials, and top politicians." According to the report, iPad owners' e-mail addresses and their ICC-ID -- used to identify their specific iPad on the AT&T network -- were obtained by a hacking group that calls themselves "Goatse Security." According to the New York Times, AT&T has closed the hole and is sending out notifications to those users whose information was compromised. AT&T's statement on the matter:

quote:
AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.
view:
topics flat nest 

jjoshua
Premium Member
join:2001-06-01
Scotch Plains, NJ

jjoshua

Premium Member

iPWN3D

"We value your privacy"

iLOL.

Alcohol
Premium Member
join:2003-05-26
Climax, MI

1 edit

Alcohol

Premium Member

Re: iPWN3D

»mobile.venturebeat.com/2 ··· -breach/

Good job ATT. Just blame the hackers.
slckusr
Premium Member
join:2003-03-17
Greenville, SC

slckusr

Premium Member

Re: iPWN3D

We will just place low caps on our internet service to prevent the hackers from doing their thing.

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

Transmaster

Member

Feeding frenzy

You should have seen the anti-Apple feeding frenzy on some of the other sites, »gawker.com/5559346/ They make out like it was the iPad who had the problem. What crap. As far as I am concerned AT&T has just put yet another nail in their exclusive agreement with Apple.
Angrychair
join:2000-09-20
Jacksonville, FL

Angrychair

Member

Re: Feeding frenzy

It's amazing how rolled up money seems to keep pushing those nails back out.

NOCTech75
Premium Member
join:2009-06-29
Marietta, GA

NOCTech75 to Transmaster

Premium Member

to Transmaster
said by Transmaster:

You should have seen the anti-Apple feeding frenzy on some of the other sites, »gawker.com/5559346/ They make out like it was the iPad who had the problem.
It did have the problem. The problem started by making it exclusive to AT&T knowing full well the myriad of issues AT&T has. Apple is the one who is sticking with AT&T so AT&T's problem is Apple's problem. Now if the iG0tHaz0r3d could be used with other services that would be another story.
Angrychair
join:2000-09-20
Jacksonville, FL

Angrychair

Member

the name

Goatse? That's one hole they can keep.
Madtown
Premium Member
join:2008-04-26
93637-2905

Madtown

Premium Member

Gives me an excuse.....

These are the kind of articles, that give me more of an excuse to either make fun of Steve Jobsless or "Big Randy" but since it was on the AT&T website "Big Randy" will be getting made fun of. It's only 6:18am so still too early for me, but later on I might.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Re: Gives me an excuse.....

said by Madtown:

These are the kind of articles, that give me more of an excuse to either make fun of Steve Jobsless or "Big Randy" but since it was on the AT&T website "Big Randy" will be getting made fun of. It's only 6:18am so still too early for me, but later on I might.
Or make fun of the real villain here - Goatse. Another of the worthless groups that devote their lives trying to make a name for themselves by spending endless hours trying to punch holes in otherwise useful software.

schmol
join:2001-12-26
Windsor, PA

schmol

Member

wow...

only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices?

battleop
join:2005-09-28
00000

2 recommendations

battleop

Member

Re: wow...

Probably at their Alter praying that this will pass over quietly.

firephoto
Truth and reality matters
Premium Member
join:2003-03-18
Brewster, WA

1 recommendation

firephoto to schmol

Premium Member

to schmol
said by schmol:

only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices?
And yet here's another lame attempt to turn this into an Apple problem. This was completely an AT&T problem. Their website had a flaw, it could of been storing the confidential information of every employee who likes cherry popsicles...

Thanks for yet another meme.

ToxicDrew
Premium Member
join:2001-09-24

ToxicDrew to schmol

Premium Member

to schmol
said by schmol:

only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices?
If you got out more you would know we are waiting on our iPhone 4 to be released and could really give a i$hit if our email addresses were stolen. Oh and to save you time yes I enjoy my delicious Apple koolaid.

t3ln3t
@vericenter.com

1 recommendation

t3ln3t

Anon

at&t is complete crap. no surprise

I spent a smidgeon over a decade inside at&t, working on various systems and projects. The whole network/platform is a house of cards. If it were built entirely on swiss cheese, it would have less holes.

Luck of the Irish perhaps, have kept larger issues like this from happening time and time again.

Back when all the user authentication data was held in nis+, and none of the nis+ servers were behind any sort of firewall or even ACL, some clown in SF figured out ... you mean I can become a client of said nis+ server, and download every customer's authentication information? Wow!

Oops!

Wait ... you mean there are root passwords on some servers and routers/network devices that haven't changed in years?
So ... how much you wanna bet, the administrative level password hasn't changed still?

Sadly, the corporate policies defined by the Computer Information Security department should prevent this sort of thing from being possible.
So if at&t can't even be in complete compliance with it's own rules & policies, why should we believe at&t is in complete compliance with federal, state, local laws, trade agreements, and so forth.

OP-113! SW-908!

Classic B (BellSouth) management isn't helping. Ass clowns!

It could be worse. In 1998, I observed a competitor based in town, that had the ENTIRE CUSTOMER BASE, in UNIX passwd files, that were available on the ftp server! No! they did not use shadow password security!
Madtown
Premium Member
join:2008-04-26
93637-2905

Madtown

Premium Member

Time to get a new CEO.

I think it's time to replace the retard and put someone else in charge. Maybe someone like IPPTu, (I can't remember the exact user name, he posts on the U-verse forum here) David would be another choice and also Bluepoint would be too, those are the names I came up with off the top of my mind.

The R in Randy stands for Retard.

If this happened with the iPad data just think of our internet at home, DSL, Cell, any data we have with AT&T.

TomS_
Git-r-done
MVM
join:2002-07-19
London, UK

1 edit

TomS_

MVM

Re: Time to get a new CEO.

Do you really think that replacing the CEO would have fixed this, or will fix it? So next time there is a problem, the new CEO should be ousted aswell? And then the next, and so on and so forth?

Time for new software engineering staff/managers more like it. They are the ones creating the problems, not the CEO, who quite probably has no idea that this kind of stuff is even being created. But someone always has to be responsible right? Just boot the CEO out the door, instead of the fools who actually create the problems, let them keep their jobs and get away unscathed, and continue to develop security and privacy holes into important telecommunications systems... Yeah, that sounds about right!

I cant believe that every time something goes wrong (with any company mind you, not just AT&T - Eurostar is another one that comes to mind but thats OT) everyone says the CEO should be ousted. Its as if they think the CEO always knows about every single little flaw, defect, hole, etc, and as if they always know something is going to happen one day and that they just let it happen. Youre kidding me right?

Ok fair enough, some probably do, and those are the ones that should be ousted because they are dangerous in this precise kind of way.

The CEO is there to run the business, not to review the code that developers are pushing out. To me it sounds like they handled this quite well. A flaw was "discovered", and they patched it up shortly after being "told" about it. I use quotes because its possible someone knew about it... Fire them for being such a twit.

odreian615
join:2006-01-18
Chicago, IL

odreian615

Member

At&t fault yes

but why do you need to give your email address to activate a product

dvd536
as Mr. Pink as they come
Premium Member
join:2001-04-27
Phoenix, AZ

dvd536

Premium Member

but but but

apple products are secure.
laughing at all the yahoos that say that.
oh yeah "heres your sign"
dforan
join:2000-12-09
Willoughby, OH

dforan

Member

Stoopid Death Star

They mave lost your e-mail but they got your caps in place

How they value the data you are receving is beyond normal comprehension.

Maybe they use their allmighty powers to help stop spam would not that be nice..