AT&T Security Hole Allows For iPad Owner Data Theft AT&T says they've closed website hole... Tipped by tmpchaos 
According to Valleywag, a security hole on AT&T's website allowed hackers to obtain the e-mail addresses of 114,000 owners of 3G Apple iPads, including "dozens of CEOs, military officials, and top politicians." According to the report, iPad owners' e-mail addresses and their ICC-ID -- used to identify their specific iPad on the AT&T network -- were obtained by a hacking group that calls themselves "Goatse Security." According to the New York Times, AT&T has closed the hole and is sending out notifications to those users whose information was compromised. AT&T's statement on the matter: AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.
|
  jjoshuaPremium
join:2001-06-01
Scotch Plains, NJ
kudos:1 | iPWN3D "We value your privacy"
iLOL. | |
|  | | | | slckusrPremium
join:2003-03-17
Maumee, OH
kudos:1 | Re: iPWN3D We will just place low caps on our internet service to prevent the hackers from doing their thing. | |
|
 TransmasterDon't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY | Feeding frenzy You should have seen the anti-Apple feeding frenzy on some of the other sites, »gawker.com/5559346/ They make out like it was the iPad who had the problem. What crap. As far as I am concerned AT&T has just put yet another nail in their exclusive agreement with Apple.
--
I am quite sure now that often, very often, in matters concerning religion and politics a man's reasoning powers are not above the monkey's.
- Mark Twain in Eruption | |
| | | | Re: Feeding frenzy It's amazing how rolled up money seems to keep pushing those nails back out. | |
| | Reviews:
 ·Comcast
 ·AT&T Southeast
| said by Transmaster:You should have seen the anti-Apple feeding frenzy on some of the other sites, » gawker.com/5559346/ They make out like it was the iPad who had the problem. It did have the problem. The problem started by making it exclusive to AT&T knowing full well the myriad of issues AT&T has. Apple is the one who is sticking with AT&T so AT&T's problem is Apple's problem. Now if the iG0tHaz0r3d could be used with other services that would be another story. | |
|
| | the name Goatse? That's one hole they can keep. | |
| MadtownPremium
join:2008-04-26
Madera, CA | Gives me an excuse..... These are the kind of articles, that give me more of an excuse to either make fun of Steve Jobsless or "Big Randy" but since it was on the AT&T website "Big Randy" will be getting made fun of. It's only 6:18am so still too early for me, but later on I might. | |
| |  ThrowDemsOutIf you can't convince 'em, confuse 'emPremium
join:2002-03-03
Mullica Hill, NJ
kudos:4 | Re: Gives me an excuse..... said by Madtown:These are the kind of articles, that give me more of an excuse to either make fun of Steve Jobsless or "Big Randy" but since it was on the AT&T website "Big Randy" will be getting made fun of. It's only 6:18am so still too early for me, but later on I might. Or make fun of the real villain here - Goatse. Another of the worthless groups that devote their lives trying to make a name for themselves by spending endless hours trying to punch holes in otherwise useful software.
--
Are you happy with your rep in Washington, DC? | |
|
 schmol
join:2001-12-26
Windsor, PA | wow... only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices? | |
| | | | Re: wow... Probably at their Alter praying that this will pass over quietly. | |
| |  firephotoKDEPremium
join:2003-03-18
Brewster, WA
·Frontier Communi..
·Verizon Online DSL
| said by schmol:only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices? And yet here's another lame attempt to turn this into an Apple problem. This was completely an AT&T problem. Their website had a flaw, it could of been storing the confidential information of every employee who likes cherry popsicles...
Thanks for yet another meme.
--
Say no to JAMS! | |
| | | | said by schmol:only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices? If you got out more you would know we are waiting on our iPhone 4 to be released and could really give a i$hit if our email addresses were stolen. Oh and to save you time yes I enjoy my delicious Apple koolaid. 
--
dream your dreams with open eyes and make them come true... | |
|
approval from:
Yezidi
| at&t is complete crap. no surprise I spent a smidgeon over a decade inside at&t, working on various systems and projects. The whole network/platform is a house of cards. If it were built entirely on swiss cheese, it would have less holes.
Luck of the Irish perhaps, have kept larger issues like this from happening time and time again.
Back when all the user authentication data was held in nis+, and none of the nis+ servers were behind any sort of firewall or even ACL, some clown in SF figured out ... you mean I can become a client of said nis+ server, and download every customer's authentication information? Wow!
Oops!
Wait ... you mean there are root passwords on some servers and routers/network devices that haven't changed in years?
So ... how much you wanna bet, the administrative level password hasn't changed still?
Sadly, the corporate policies defined by the Computer Information Security department should prevent this sort of thing from being possible.
So if at&t can't even be in complete compliance with it's own rules & policies, why should we believe at&t is in complete compliance with federal, state, local laws, trade agreements, and so forth.
OP-113! SW-908!
Classic B (BellSouth) management isn't helping. Ass clowns!
It could be worse. In 1998, I observed a competitor based in town, that had the ENTIRE CUSTOMER BASE, in UNIX passwd files, that were available on the ftp server! No! they did not use shadow password security!  | |
| MadtownPremium
join:2008-04-26
Madera, CA | Time to get a new CEO. I think it's time to replace the retard and put someone else in charge. Maybe someone like IPPTu, (I can't remember the exact user name, he posts on the U-verse forum here) David would be another choice and also Bluepoint would be too, those are the names I came up with off the top of my mind.
The R in Randy stands for Retard.
If this happened with the iPad data just think of our internet at home, DSL, Cell, any data we have with AT&T. | |
| |  TomS_Git-r-donePremium,MVM
join:2002-07-19
Ireland
kudos:1
1 edit | Re: Time to get a new CEO. Do you really think that replacing the CEO would have fixed this, or will fix it? So next time there is a problem, the new CEO should be ousted aswell? And then the next, and so on and so forth?
Time for new software engineering staff/managers more like it. They are the ones creating the problems, not the CEO, who quite probably has no idea that this kind of stuff is even being created. But someone always has to be responsible right? Just boot the CEO out the door, instead of the fools who actually create the problems, let them keep their jobs and get away unscathed, and continue to develop security and privacy holes into important telecommunications systems... Yeah, that sounds about right!
I cant believe that every time something goes wrong (with any company mind you, not just AT&T - Eurostar is another one that comes to mind but thats OT) everyone says the CEO should be ousted. Its as if they think the CEO always knows about every single little flaw, defect, hole, etc, and as if they always know something is going to happen one day and that they just let it happen. Youre kidding me right?
Ok fair enough, some probably do, and those are the ones that should be ousted because they are dangerous in this precise kind of way.
The CEO is there to run the business, not to review the code that developers are pushing out. To me it sounds like they handled this quite well. A flaw was "discovered", and they patched it up shortly after being "told" about it. I use quotes because its possible someone knew about it... Fire them for being such a twit. | |
|
| | At&t fault yes but why do you need to give your email address to activate a product | |
|  dvd536as Mr. Pink as they comePremium
join:2001-04-27
Phoenix, AZ
kudos:4 | but but but apple products are secure.
laughing at all the yahoos that say that.
oh yeah "heres your sign"
 | |
| dforan
join:2000-12-09
Willoughby, OH | Stoopid Death Star They mave lost your e-mail but they got your caps in place
How they value the data you are receving is beyond normal comprehension.
Maybe they use their allmighty powers to help stop spam would not that be nice.. | |
|
| |
|
|
