Email Addresses and SIM Identifiers of 114,000 AT&T iPad 3G Users Exposed

[ChrisA]

Why are not all the data on every mobile device encrypted? It seems to be that losing the device would be something one could foresee. Routine encryption would solve a lot of problems. It would be transparent to the user. His login password would double as the key.

The above goes double for any kind of server. In fact I'd say it is idiotic not to encrypt any sensitive data.

 

[ruinfx]

lol @ the name of the "security" group

 

[Eninety2]

im confused. they mention the iPhone prototype in the article, but was the leak caused by that phone or was it from something else?

 

[andyone]

AT&T should be fined a few million for this. Also the manager who gave the job of writing this software to an intern needs to be fired.

 

[RalfTheDog]

First step of an iPad 3G owner? Go to an ATT store, pop open your iPad, pull out the SIM then ask them for a new one. They will swap it out for free. It will not prevent people from spamming your email account, but it will prevent people using your bandwidth. It takes longer to stand in line than it does to get the old SIM deactivated and the new one turned on.

 

[JTVPRO]

Don't Rewrite History

Yeah, let's see...

Troll: "Hey Steve...how's that AT&T exclusivity deal working out for ya?"

Me: Well, considering the iPhone has been a home-run success and has significantly impacted the company positively from a financial standpoint, it seems to be working out just fine.

That is not what you said GameCockmac. Do not misquote yourself! I like a good discussion but you can't change what you said.

 

[Jaro65]

Are you aware what has happened to Apple's stock price and market cap since the iPhone was introduced on AT&T exclusively?

I'd say it's working out pretty well.

Are you aware what could have happened to Apple's stock price and market cap if the iPhone had not been introduced on AT&T exclusively?

Fixed that for you.

 

[Mark Booth]

AT&T screws up and Gawker writes an article that puts more blame on Apple than AT&T. Gee, you'd think the folks at Gawker have some vendetta against Apple?!

Does anyone have any extra spray Lysol? I need to disinfect my computer screen after it wandered over to valleywag.

Mark

 

[Plutonius]

First step of an iPad 3G owner? Go to an ATT store, pop open your iPad, pull out the SIM then ask them for a new one. They will swap it out for free. It will not prevent people from spamming your email account, but it will prevent people using your bandwidth. It takes longer to stand in line than it does to get the old SIM deactivated and the new one turned on.

Very good suggestion.

Any idea why all the positives votes on this story ? I guess some people enjoy it when something goes wrong for other people.

 

[VanNess]

So, it wasn't a "breakthrough deal" after all, it was a break-in deal.

But, nothing to get excited about here. Since the data was on AT&T's servers, it would have taken someone, oh, about five years to connect and download one email address.

 

[ChrisJSNh]

personally i dont like at&t and not overly impressed with apple, but i do like the ipad and iphones.. i have a few of each..

But to play neutral in this "who is to blame" and lots say the titles of Apple security breech etc should be pointed to at&t

here are my questions and one assumption as to who:

in reading the article. it says "ipad owners" ,, so if it was at&t why do they say it only effects iPad owners?

It also states on macrumors main page
"appears to have been related to data meant for a Web application accessible on the iPad" , why only an app for the ipad?

my thoughts on what happened.
why does iAds come to mind,, making the data accessible for demographics , advertising... Targeting ads directly to the ipad ..

I personally think this is all a big screw up on bringing ads to the ipad. Apple wants to control ads, notice the way they block admob stuff? so they wanted some info available.

just my opinion


hmm conspiracy thoery

 

[goobot]

I like how apple has had Tons of sercutity holes in the phone over the years and AT&T has one and it's the end of the world.

 

[JTVPRO]

It's a good question, not a stupid one. How do you think he would answer? How do you think Apple shareholders would answer in the wake of a network security breach? I mean, it's At&t, so Apple stock should be fine, right?

Agreed. It is a valid point. Nothing to do with trolling. How quick GamecockMac turns to insults. Sign of weakness in your arguement GamecockMac.

 

[ThunderSkunk]

As if AT&T couldn't possibly suck any more than it already did.

Nice goin.

 

[NebulaClash]

I like how apple has had Tons of sercutity holes in the phone over the years and AT&T has one and it's the end of the world.

Please point to even one example where Apple lost 100,000+ accounts in a similar case of lack of security, and then you will have answered your own question.

 

[SimonTheSoundMa]

Exactly. Way to go Gawker in leading the way in misleading the masses

Granted, it's an Apple device, but it's obviously an AT&T issue. My guess, though, is that an IPAD SECURITY BREACH garners a lot more attention than an AT&T-titled headline. Journalists...

International press have been the same with Foxconn and Apple too. Yes, they do manufacture Apple hardware, but Apple is one of their smallest customers. They employ 800,000 people, and their suicide rates are below the Chinese national average, where the average is 27th in the world.

It is sad people have committed suicide. The fact the press have used Apple's name in it makes no sense.

 

[Horus]

No wonder why I deleted Gizmodo from my Bookmarks, Bitter Bitches are Bitter.

 

[andiwm2003]

dang, i activated mine about one hour after release. does that mean there is a chance that my email and id could be affected?

 

[Black Macbook]

That title of the article is misleading, incorrect and the work of a troll. This is hardly surprising since it's coming from a site with a big chip on their shoulders.

As for the AT&T mess up - This wasn't the work of any devious international hacker organization with criminal ties who brazenly hacked their way into the system and got a hold of sensitive info. This happened because of pure incompetence by AT&T.

Who needs hackers, when the morons put the information out there themselves?

 

[RubberChicken]

International press have been the same with Foxconn and Apple too. Yes, they do manufacture Apple hardware, but Apple is one of their smallest customers. They employ 800,000 people, and their suicide rates are below the Chinese national average, where the average is 27th in the world.

It is sad people have committed suicide. The fact the press have used Apple's name in it makes no sense.

Agreed. Very hard to find the facts among the media beat up. But that's true for a lot of media coverage these days, who wants to let facts get in the way of drama and page clicks?

 

[Compile 'em all]

I like how apple has had Tons of sercutity holes in the phone over the years and AT&T has one and it's the end of the world.

Can you please list these "tons" of security holes and how they were utilized in the real world?

 

[jzuena]

This is why it is good, here in the UK for example, to have more than one 3G provider out there. We have four providers; Vodafone, 3, O2 and Orange... and if only one of those made a cock-up on the scale of AT&T's like this, the problem would be faaaaar less serious. A quarter less serious, infact.

We have four 3G providers in the US, too. Its just that only one of them uses the correct mobile technology on the correct frequencies to interact with Apple's kit. Verizon and Sprint use CDMA/EV-DO (Sprint also already has 4G, but uses WiMAX instead of LTE). T-Mobile and AT&T use GSM/HDSPA, but T-Mobile uses the 1.7 GHz band for their HDSPA and the iPhone uses the 1.9 GHz band.

 

[RubberChicken]

...What I want to know is why this "Goats Security" group did not simply notify AT&T rather than getting 114k+ emails and then sharing them with the world. Shouldn't the FBI be going after them?

Not only did they retrieve a huge number of names, they shared their script for doing so with others, and they shared that list of email addresses with others. Its not suppose to to work that way. What they did is a federal crime.

Agreed. When I read the story I could not believe that what these people did was not the focus of interest. Security holes happen to everyone, how quickly they are fixed and what people do with them is what's important. Again, we have people acting in a clearly unethical and highly illegal manner and it's tucked away in the middle as though business as normal.

 

[PinkyMacGodess]

Why only 114k of them? Is that the entire list of iPad 3g purchasers or just the snooty elites that got freebies and are the 'rich and powerful'?

My god, AT&T looks worse over time...

There should be a law that if this kind of thing happens, the entire management team gets their home phone numbers released to the throngs that have been exposed. Let them deal with calls at 3AM from pissed off customers...

 

[goobot]

Can you please list these "tons" of security holes and how they were utilized in the real world?

The SMS hack that gave them full controll of your phone and it's info.

And the way around the passcode lock

those two are the biggest