FBI investigating AT&T security hole on iPad

Posted June 11, 2010 at 6:43 a.m.

Associated Press | The FBI says it is investigating a data breach at AT&T that exposed
the e-mail addresses of more than 114,000 owners of the Apple iPad,
including government officials. The agency said on Thursday that it is
looking into “the potential cyber threat” from the breach.

AT&T Inc. said it has no comment. The Dallas-based phone company
acknowledged Wednesday that it had exposed the e-mail addresses through
a Web site, and had closed the breach.

The vulnerability only affected iPad users who signed up for AT&T’s “3G” wireless Internet service.

An AT&T Web site could be tricked into revealing an iPad owner’s e-mail address when supplied with a code associated with their particular iPad. A hacker group that calls itself Goatse Security said it got the site to cough up more than 114,000 e-mail addresses by guessing which codes would be valid.

The group said it contacted AT&T and waited until the vulnerability was fixed before going public with the information. AT&T said the problem was fixed Tuesday but that it was alerted to it by a business customer.

Apple Inc., the maker of the iPad, has not commented on the breach, referring all questions to AT&T.

AT&T has apologized and said it will notify all iPad users whose e-mail addresses may have been accessed. It noted that the only information hackers would have been able to steal using the attack were users’ e-mail addresses.

But that can be enough to launch an effective attack, since the attacker also knows that the person receiving the e-mail is an iPad user and an AT&T customer and would expect to receive e-mail from Apple and AT&T about their accounts. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.

New York Mayor Michael Bloomberg’s e-mail address was among those exposed, but the billionaire media mogul shrugged it off Thursday and said he didn’t understand the fuss.

“It shouldn’t be pretty hard to figure out my e-mail address,” Bloomberg said, “and if you send me an e-mail and I don’t want to read it, I don’t open it. To me it wasn’t that big of a deal.”



  1. George June 10, 2010 at 12:26 pm

    “Goatse Security”… hahaha… google “goatse”

  2. Tom June 10, 2010 at 1:32 pm

    Articles like this are so stupid. The headline might as well read:
    “Hey Hackers!! Here’s A New Idea For You!”

  3. skepticalsurfer June 10, 2010 at 3:01 pm

    Maybe AT&T will loose their monopoly deal with Apple if they keep scewing up like this.