AT&T Security Hole Allows For iPad Owner Data Theft
AT&T says they've closed website hole...
by Karl Bode 08:49AM Thursday Jun 10 2010 Tipped by tmpchaos
According to Valleywag, a security hole on AT&T's website allowed hackers to obtain the e-mail addresses of 114,000 owners of 3G Apple iPads, including "dozens of CEOs, military officials, and top politicians." According to the report, iPad owners' e-mail addresses and their ICC-ID -- used to identify their specific iPad on the AT&T network -- were obtained by a hacking group that calls itself "Goatse Security." According to the New York Times, AT&T has closed the hole and is sending out notifications to those users whose information was compromised. AT&T's statement on the matter:
AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.
said by Transmaster: It did have the problem. The problem started by making it exclusive to AT&T knowing full well the myriad of issues AT&T has. Apple is the one who is sticking with AT&T so AT&T's problem is Apple's problem. Now if the iG0tHaz0r3d could be used with other services that would be another story.
You should have seen the anti-Apple feeding frenzy on some of the other sites, »gawker.com/5559346/
They make out like it was the iPad who had the problem.
Re: Gives me an excuse.....
said by Madtown: Or make fun of the real villain here - Goatse. Another of the worthless groups that devote their lives trying to make a name for themselves by spending endless hours trying to punch holes in otherwise useful software.
These are the kind of articles, that give me more of an excuse to either make fun of Steve Jobsless or "Big Randy" but since it was on the AT&T website "Big Randy" will be getting made fun of. It's only 6:18am so still too early for me, but later on I might.
Are you happy with your rep in Washington, DC?
Re: wow...
Probably at their altar praying that this will pass over quietly.
firephoto, We the people, Premium
said by schmol: And yet here's another lame attempt to turn this into an Apple problem. This was completely an AT&T problem. Their website had a flaw, it could have been storing the confidential information of every employee who likes cherry popsicles...
only 5 comments for the 2 hours that this has been posted, where are all of the att fanboys defending their icrap devices?
Thanks for yet another meme.
Say no to JAMS!
at&t is complete crap. no surprise
I spent a smidgeon over a decade inside at&t, working on various systems and projects. The whole network/platform is a house of cards. If it were built entirely on swiss cheese, it would have fewer holes.
Luck of the Irish perhaps, has kept larger issues like this from happening time and time again.
Back when all the user authentication data was held in nis+, and none of the nis+ servers were behind any sort of firewall or even ACL, some clown in SF figured out ... you mean I can become a client of said nis+ server, and download every customer's authentication information? Wow!
Wait ... you mean there are root passwords on some servers and routers/network devices that haven't changed in years?
So ... how much you wanna bet, the administrative level password hasn't changed still?
Sadly, the corporate policies defined by the Computer Information Security department should prevent this sort of thing from being possible.
So if at&t can't even be in complete compliance with its own rules & policies, why should we believe at&t is in complete compliance with federal, state, local laws, trade agreements, and so forth?
Classic B (BellSouth) management isn't helping. Ass clowns!
It could be worse. In 1998, I observed a competitor based in town, that had the ENTIRE CUSTOMER BASE, in UNIX passwd files, that were available on the ftp server! No! they did not use shadow password security!
Re: Time to get a new CEO.
Do you really think that replacing the CEO would have fixed this, or will fix it? So next time there is a problem, the new CEO should be ousted as well? And then the next, and so on and so forth?
Time for new software engineering staff/managers more like it. They are the ones creating the problems, not the CEO, who quite probably has no idea that this kind of stuff is even being created. But someone always has to be responsible right? Just boot the CEO out the door, instead of the fools who actually create the problems, let them keep their jobs and get away unscathed, and continue to develop security and privacy holes into important telecommunications systems... Yeah, that sounds about right!
I can't believe that every time something goes wrong (with any company mind you, not just AT&T - Eurostar is another one that comes to mind but that's OT) everyone says the CEO should be ousted. It's as if they think the CEO always knows about every single little flaw, defect, hole, etc, and as if they always know something is going to happen one day and that they just let it happen. You're kidding me right?
Ok fair enough, some probably do, and those are the ones that should be ousted because they are dangerous in this precise kind of way.
The CEO is there to run the business, not to review the code that developers are pushing out. To me it sounds like they handled this quite well. A flaw was "discovered", and they patched it up shortly after being "told" about it. I use quotes because it's possible someone knew about it... Fire them for being such a twit.