AAPL Stock: 117.81 ( -0.22 )

Printed from

AT&T breach compromises 114,000 iPad 3G users [U]

updated 06:15 pm EDT, Wed June 9, 2010

ATT security hole may have shown iPad 3G data

(Updated with AT&T confirmation) An investigation today has found that a weakness in AT&T's security has exposed the identities of over 114,000 iPad 3G owners in the past few weeks. Hacker group Goatse Security claimed to Gawker to have manipulated an AT&T website-side script that would return the e-mail addresses associated with the ICC-IDs of the SIM cards in Apple's tablets. By using and guessing iPad ICC-IDs through a PHP script, as well as spoofing an iPad-like user agent, the group collected a large amount of personal information that included some well-known figures.

Among those compromised were top political officials such as House Chief of Staff Rahm Emmanuel and New York City Mayor Michael Bloomberg. Some in publishing, media networks and the US military will also have been exposed.

The hole is believed to have been closed a few days ago and wouldn't lead to security exploits on the iPads themselves. However, the plug arrived only after the hackers shared the script with other groups, some of whom may have used it to scrape e-mail addresses for any other 3G-capable iPad owner on AT&T. The carrier also hasn't notified customers of the escaped data.

AT&T has been contacted by Electronista, but a spokesman said the network didn't yet have an official response.

The unintentional leak has already been treated as a symbolic loss for AT&T. With iPhone customers in key cities like San Francisco still affected by heavy 3G data congestion and many others critical of its decision to end unlimited data plans, the carrier has been under heat to mend its reputation. AT&T's very broad upgrade eligibility for the iPhone 4 has been interpreted by some as a sign that it has been anticipating an end to its iPhone exclusivity; the iPad breach risks thwarting some of its goodwill efforts.

Update: AT&T has provided a statement confirming the security breach.

AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained. At this point, there is no evidence that any other customer information was shared.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.

by MacNN Staff



  1. rbodgers

    Joined: Dec 1969


    This site just gets worse and worse

    "An investigation today has found..."
    - Who performed this investigation?

    "The unintentional leak has already been treated as a symbolic loss for AT&T"
    - by whom? Sources. And make them good and credible. I could care less what you and the other bloggers at this blog site think.

    "AT&T's very broad upgrade eligibility for the iPhone 4 has been interpreted by some..."
    - wow. "Some", huh? Impressive. Don't actually give examples. That would ruin the effect.

    "The iPad breach risks thwarting some of its goodwill efforts."
    - Excellent! Wild speculation! Or was there a completely uncredited source for this? This article wasn't written by an expert, which means I couldn't care less what your opinion is. You know how I know? Because no one took credit for it. And since no one took credit for it, I can't tell what their background is, how accurate they've been in the past, or make any other evaluations of these completely unsubstantiated remarks. So it clearly wasn't someone who was concerned about qualifications. But hey, you've been reading all of the other "Mac news" websites, right? That makes you an expert!

    You should work for Fox. At least they admit publicly that their content is editorial.

  1. starwarrior

    Joined: Dec 1969


    Someone Bought Three T-Mobile Phones

    with my data. Within five hours of turning on the iPad account with a credit card the credit card was compromised and used to buy three T-Mobile phone delivered to south Florida. It is under investigation. The T-Mobile signup site has very few safeguards if any against fraudulent charges. Their complaint staff is "Duh." Have others had unauthorized charges after turning on iPad?

  1. starwarrior

    Joined: Dec 1969


    Got Everything

    T-Mobile did tell me that they had everything as it is the only way to order phones. I think they got a lot more that email addresses.

  1. testudo

    Joined: Dec 1969


    Re: This site

    Here's an idea, follow the link in the first sentence of the article to get the 'whole' story. What do you want MacNN to do, rewrite it word for word so you don't have to learn to go to another site?

  1. testudo

    Joined: Dec 1969


    Re: Got everything

    T-Mobile did tell me that they had everything as it is the only way to order phones. I think they got a lot more that email addresses.

    Note that the people who claimed to have gotten the email addresses may not have been the only ones to break into the site. People always think that if someone finds a problem, they're the only ones who possibly could have found it, and, on top of that, it is immediately reported to the proper folks and found on places like this.

    In fact, the hole was probably open the entire month of May and possibly before then, and any number of people may have discovered it.

    So, for all we know, there might be 20 different hackers who all grabbed information, and who knows what they did with the data.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented