If you own an iPad with 3G connectivity, there’s a chance your e-mail address numbers among the 114,067 leaked by a group that calls itself Goatse Security. As Gawker reports, the group managed to obtain iPad user data by exploiting a script on AT&T’s website. The source article at Gawker includes more details about the methodology.
AT&T has since plugged the security hole, but the damage is done. Gawker published a screenshot of the leaked list showing e-mail addresses ending in us.army.mil, darpa.mil, and faa.gov. The site says the CEOs of the New York Times, Time Inc., and Dow Jones, not to mention the President of News Corp. and New York City Mayor Michael Bloomberg, all had their e-mail addresses leaked, as well.
Gawker blames Apple for the snafu. Considering the Mac maker’s recent conflict with Gawker sister site Gizmodo over the iPhone 4 leak, though, perhaps that angle isn’t too surprising. The folks over at CNet News point their fingers at AT&T, quoting "security experts" as saying the problem is "solely related to security on AT&T’s Web site."
CNet also received this statement from AT&T spokesman Mark Siegel:
"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device," he said in a statement.
"We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained," he said. "At this point, there is no evidence that any other customer information was shared."
Interestingly, White Hat Security’s Bill Pennington told CNet News that iPad users may not have been the only ones vulnerable to the breach. "I believe this number could identify any 3G device on the AT&T network," he said.