AT&T Apologizes to iPad 3G Customers for Data Leak

[JodyK]

At a bare minimum AT&T needs to give all those who were hacked (I am in that list) a new micro sim card to protect them!

I also think credit a month of service is something that should be done if not more.

 

[hexonxonx]

Hello.

Are the holes iPad specific or AT&T's fault?

Since the iPad uses standard wifi or 3G service it shouldn't be any more susceptible than anything else using these services...

AT&T does it again?

I got that letter too, so I'm very interested.

Have Fun,
Keri

From what I understand, there is a problem with the iPads Safari browser that allows a hacker to take control of the iPad. The problem was already patched in the desktop version of Safari a few months ago.

 

[AppleFan1984]

Breach allows tracking down to the cell tower?

http://www.tombom.co.uk/blog/?p=166

Via slashdot:
http://mobile.slashdot.org/story/10/06/14/210205/ATampT-Breach-May-Be-Worse-Than-Initially-Thought

 

[3goldens]

Never got one!

 

[dub3000]

I guess it could have been much worse. Email and ICC-ID. Most users put their own email addresses at risk by having it displayed on websites and such so, unless there's something very wrong with someone knowing the ICC-ID, it seems pretty minimal

Unless AT&T is hiding that there was more information stolen than the "hackers" or AT&T are willing to admit

actually, the ICC-ID can be turned into other sensitive info with a bit of mucking about. there's a reasonably well-informed article on slashdot about it.

if this affects you, demand a new SIM card.

edit: and yeah, this isn't a "hack", it was publically available on the AT&T website by just changing some stuff in a URL apparently. that's inexcusable on AT&T's part.

 

[Surreal]

Can we assume that no email means our name wasn't on the list?

i do have a 3G, so i thought my name would be there.

 

[dub3000]

Hello.

Are the holes iPad specific or AT&T's fault?

nothing to do with the ipad, except it's an ipad customer list. totally AT&T's fault.

You are all assuming "hacker" means some awesome code or extravagant work ala The Matrix. It just refers to anyone who steals information through computers. The theft is the key point, not what type of fancy code or fabulous ability was needed.

they're dodgy bastards by the look of things, but they didn't do anything especially tricky. it'd be like changing one of the numbers in the macrumors URL at the top of your window and stumbling on a list of secret data. granted, allegedly they've then tried to profit from it and that's pretty underhanded, but the acquisition of that first bit of data may have been pretty innocent.

If you use it to get information you are not entitled to, yes, it would make you a hacker...

what happens if it would have come up in a google search you did? (which sounds possible, given how ridiculously wide open the security hole was). would you want to be punished for that if you clicked on that link and read it?

if they get the book thrown at them, it should be for publishing the email data, not for publicising the security hole.

 

[AppleFan1984]

Can we assume that no email means our name wasn't on the list?

The list contains the subset of accounts for which it was convenient for one party (******) to obtain before they became bored.

Given the description of the hole they found on AT&T's server, it seems prudent to assume that all such data on servers similarly configured may have been exposed to others with less public goals in mind.

EDIT: Why does my use of the word "Go at se" trigger the forum bot here to block it, even though it's a part of the story being discussed?

 

[jettredmont]

EDIT: Why does my use of the word "Go at se" trigger the forum bot here to block it, even though it's a part of the story being discussed?

If you don't know why, consider yourself lucky. If your curiosity is now piqued, consider yourself warned. Google in this case is not your friend

 

[AppleFan1984]

If you don't know why, consider yourself lucky. If your curiosity is now piqued, consider yourself warned. Google in this case is not your friend

I'm familiar with the domain, I just don't understand how MR can use the name in their report but disallow it in the forums discussing the report.

 

[marksman]

edit: and yeah, this isn't a "hack", it was publically available on the AT&T website by just changing some stuff in a URL apparently. that's inexcusable on AT&T's part.

Still a hack.. Not sure why people want to ignore what hacking is and always has been.