Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

Compile 'em all

macrumors 601
Original poster
Apr 6, 2005
4,110
230
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed.

The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.



http://gawker.com/5559346/
 

GamecockMac

macrumors 6502a
Oct 20, 2005
863
0
Columbia, SC

Funny how you didn't include this quote from the article...

AT&T closed the security hole in recent days, but the victims have been unaware, until now. For a device that has been shipping for barely two months, and in its wireless configuration for barely one, the compromise is a rattling development. The slip up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple. But it will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network.

So how is this "Apple's Worst Security Breach"? Short answer...it isn't. Gawker is clearly running a misleading title in a nakedly obvious attempt to get some revenge on the company who has been giving them the cold shoulder since Gizmodo's little purchase of some stolen property.
 

MacRumors

macrumors bot
Apr 12, 2001
55,026
17,406
Email Addresses and SIM Identifiers of 114,000 AT&T iPad 3G Users Exposed




172558-ipad_3g_badge.jpg


Valleywag reports that a security breach on AT&T's website has allowed public access to email addresses and SIM card identifier numbers (known as ICC-IDs) for 114,000 iPad Wi-Fi + 3G users on the company's cellular network.
The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.
The security hole, which has been closed by AT&T, appears to have been related to data meant for a Web application accessible on the iPad. Those who discovered the hole were able to guess large swaths of ICC-ID numbers based on a handful of known numbers and use a script paired with an iPad user agent setting on their browser to query the email addresses associated with the ICC-IDs.

Beyond the obvious privacy implications of having personal email addresses exposed, it is unclear exactly what the ramifications of the security breach are. Despite claims from those who discovered the breach that the information might be able to be used to spoof devices or intercept data, other security researchers do not believe that to be possible. AT&T and Apple have yet to comment on the situation.

Article Link: Email Addresses and SIM Identifiers of 114,000 AT&T iPad 3G Users Exposed
 

Compile 'em all

macrumors 601
Original poster
Apr 6, 2005
4,110
230
Didn't they wipe it though?

Wipe what exactly? The security hole was closed now but the users have been compromised already. You can't "un-expose" an email once it is known. I am betting the list is floating somewhere underground.
 

ChazUK

macrumors 603
Feb 3, 2008
5,390
24
Essex (UK)
Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7)

Ouch!

Is there really anything that can be done with this info? :( all I can think of is a spamfest on the email accounts.
 

Compile 'em all

macrumors 601
Original poster
Apr 6, 2005
4,110
230
Funny how you didn't include this quote from the article...



So how is this "Apple's Worst Security Breach"? Short answer...it isn't. Gawker is clearly running a misleading title in a nakedly obvious attempt to get some revenge on the company who has been giving them the cold shoulder since Gizmodo's little purchase of some stolen property.


I didn't intentionally do anything to the title. I didn't even add my own commentary or anything :). Just wanted to get this thing out. I would rename the title to "AT&T's fault" if you guys think it is more appropriate. While I of course do agree it is AT&T's fault, it is an Apple device at the end of the day to the end user.
 

deenybird

macrumors regular
Jul 21, 2008
220
0
First eliminating the unlimited data plan, now this....

Certainly a bad week for AT&T and their customers
 

Mr Skills

macrumors 6502a
Nov 21, 2005
803
1
This could be terrible PR for the iPad - I'm expecting 75% of newspapers/magazines/websites to run headlines that give readers the false impression that this is a security issue with the iPad itself (or with Apple).

EDIT - Just as I predicted! The very article MacRumors linked to is headlined "Apple's Worst Security Breach: 114,000 iPad Owners Exposed".
 

Dmac77

macrumors 68020
Jan 2, 2008
2,165
2
Michigan
Wow that sucks. Heads are probably going to roll at AT&T. Just out of curiosity, I wonder if SJ's actual email address (you know the one that he actually reads himself) got leaked by this?

Don
 

GamecockMac

macrumors 6502a
Oct 20, 2005
863
0
Columbia, SC
Except you can hardly make the claim that Apple's stock success is due to their choice of AT&T as a carrier.

And you can hardly make the claim that it has significantly hampered their success. One could make the argument that they might have enjoyed greater success if they offered the iPhone on another carrier (like Verizon), but there is no direct proof of that.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.