MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,430
15,161
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

AT&T has sent emails to customers of its iPad 3G data service apologizing for and providing additional information on the exposure of their email addresses and SIM card identifiers last week.

The letter outlines in brief detail how the information was accessed and the company's response once it was notified of the breach. AT&T also reassures its customers that their password and other account information, as well as any data on their devices, are unaffected. It also suggests that the primary risk of the information leak is increased spam and the possible use of such information in targeted phishing tactics attempting to gain additional personal information about customers.

The security breach is currently under investigation by the Federal Bureau of Investigation, which is examining the circumstances surrounding the information exposure and what may have been done with the data obtained.


092906-att_ipad_3g_letter_500.png



Article Link: AT&T Apologizes to iPad 3G Customers for Data Leak
 

Jamekae

macrumors newbie
Mar 20, 2010
18
0
How do we know the hackers didn't send out this letter to all the AT&T email accounts they gathered for reasons beyond our knowledge to aid them in their criminal deeds?

We can trust no one.
 

spazzcat

macrumors 68030
Jun 29, 2007
2,843
1,720
I got one and was wondering if this meant I was part of the leak or if they sent them out to everyone that has an 3G iPad...
 

Little Endian

macrumors 6502a
Apr 9, 2003
680
31
Honolulu
ATT could have at least given those affected 1 free month of service.... wishful thinking on my part but it could help improve their image. Most iphone/ipad users have or at least are developing an increasing amount of animosity toward ATT. From what I have seen from ATT over the past two years I would say customer retention is not a priority or perhaps greed is clouding their judgement.
 

spazzcat

macrumors 68030
Jun 29, 2007
2,843
1,720
This wasn't a hack...it was a HUGE hole in their security!

Using a security hole for your own gain is still a hack. As soon as they found the hole they should have contacted ATT. Not harvested 144K email addresses...
 

apple.network

macrumors newbie
Jun 14, 2010
2
0
Can't Even Be Arsed Using The Customers' Names!

AT&T : You make Rogers ( aka Robbers ) look fantastic!

LOL

Yup. In fact, you're such a valued customer to AT&T that we cannt even be arsed individualising your letter and putting you very own name on the Dear line... wouldn't make me feel special.

First rule of an apology, use the customers name, FGS!

Steven (UK)
 

phillipjfry

macrumors 6502a
Dec 12, 2006
847
1
Peace in Plainfield
I guess it could have been much worse. Email and ICC-ID. Most users put their own email addresses at risk by having it displayed on websites and such so, unless there's something very wrong with someone knowing the ICC-ID, it seems pretty minimal

Unless AT&T is hiding that there was more information stolen than the "hackers" or AT&T are willing to admit
 

kdarling

macrumors P6
Apparently the hacker group shopped their findings around before revealing them. Everything's about money nowadays, right?

Their delay turned out to be a good thing though:

AT&T claims that they were told about the hole on Monday by a business customer, and had it fixed by Tuesday, a day before the story came out.

So that leaves the hackers holding a bag of email addresses that they really shouldn't have.
 

footOdorProblem

macrumors newbie
Jul 3, 2007
11
0
"The hackers deliberately went to great efforts with a random program to extract..."

This "great" effort probably took them all of 20 minutes to script after discovering the flaw with AT&T's web service.
 

doctor-don

macrumors 68000
Dec 26, 2008
1,589
317
Georgia USA
Apparently the hacker group shopped their findings around before revealing them. Everything's about money nowadays, right?

Their delay turned out to be a good thing though:

AT&T claims that they were told about the hole on Monday by a business customer, and had it fixed by Tuesday, a day before the story came out.

So that leaves the hackers holding a bag of email addresses that they really shouldn't have.

And remember that the hackers ... err, security company ... sent the list to a third / fourth party, not to AT&T.

Why do they believe they broke no laws? Did they have permission to access the accounts / e-mail addresses of those iPad owners? Will the iPad owners experience an increase in SPAM? If so, then prosecute the hackers ... aka security company. Make it as undesirable as possible for anyone to hack another's computer.
 

PBG4 Dude

macrumors 68040
Jul 6, 2007
3,563
3,136
You'd think a company that works with the NSA would have some clues about data security. :\
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.