Tags:
Journalism of Courage
The most-coveted gadget may hold some sinister side-effect surprises. AT&T Inc. on Wednesday acknowledged a security weak spot that exposed the e-mail addresses of apparently more than 100,000 users of Apple Inc.’s iPad,a breach that could make those people vulnerable to precision-targeted hacking attacks.
The vulnerability affected only iPad users who signed up for AT&T’s “3G” wireless Internet service.
The hacker group that claims to have discovered the weakness – the group calls itself Goatse Security – said it was able to trick AT&T’s site into coughing up more than 114,000 e-mail addresses,including those apparently of famous media personalities and important government officials.
A representative for the group told The Associated Press late Wednesday that the group contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T said the problem was fixed Tuesday but that it was alerted to it by a business customer.
Gawker Media Inc.’s Valleywag website earlier reported on the breach.
AT&T said it will notify all iPad users whose e-mail addresses may have been accessed.
“We take customer privacy very seriously and while we have fixed this problem,we apologize to our customers who were impacted,” the company said in a statement.
AT&T noted that the only information hackers would have been able to steal using this attack were users’ e-mail addresses. But that can be enough to launch a highly effective attack,since the attacker also knows that the person receiving the e-mail is an iPad user and an AT&T customer and would expect to receive e-mail from Apple and AT&T about their accounts. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.
An Apple representative deferred requests for comment to AT&T. Apple has sold more than 2 million iPads since they went on sale two months ago. The iPad comes in two different flavors – one that only connects to the Internet via Wi-Fi,and another that also can connect through AT&T’s “3G” cellular network. The Wi-Fi-only models aren’t affected by the breach. Apple hasn’t specified how many of each model it has sold.
