Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Hardware - Troubleshooting and Discussion > iPhone, iPad & iPod > AT&T breach exposes 114000 iPad users' emails and ICC-IDs

AT&T breach exposes 114000 iPad users' emails and ICC-IDs
Thread Tools
Eug
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Jun 9, 2010, 11:53 PM
 
Ouch

Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. A call to Rahm Emanuel's office at the White House has not been returned.






The New York Times has emailed all staff suggesting they "turn off your access to the 3G network on your iPad until further notice" while the newspaper's engineers and security staff investigate the issue.
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jun 10, 2010, 12:27 AM
 
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Jun 10, 2010, 02:57 AM
 
Much better thread title though.
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jun 10, 2010, 03:09 AM
 
Tis true.

-t
     
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Jun 10, 2010, 03:49 AM
 
The blackout technique used on that picture isn't impressing me. It's a fixed font, possibly Courier, and even if we couldn't find the font, the page provides all numbers except (6,7). All letters except (k,q,x,z).

Most of the ID numbers can be determined by the visible pixels. Some of the letters can be determined as well. Perhaps enough to guess the missing letters on a few of the addresses.
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Jun 10, 2010, 04:27 AM
 
"G oatse Security" is a subset of the GNAA, btw - which is nicely in tone with the juvenile pranks and "journalism" the Gawker perpetrates and condones.

AFAICS, that list has been publicised anyway, so half-heartedly blanking it out at this point is a Gawker-style pseudo-legalese fig leaf.
     
Mac Elite
Join Date: Jul 2002
Location: Toronto, Canada
Status: Offline
Reply With Quote
Jun 10, 2010, 07:39 AM
 
I've lost all respect for Gawker. Hopefully enough people will feel the same for them to see their page views tumble.
     
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Status: Offline
Reply With Quote
Jun 10, 2010, 09:51 AM
 
Some articles I've read blatantly make it sound as if this was Apple's fault - in terms of the device's own security. Some people just can't wait for Apple to be attacked by hackers.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
     
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Status: Offline
Reply With Quote
Jun 10, 2010, 01:17 PM
 
As far as tech blogs go, I used to regularly visit Gizmodo and Engadget. At the time I thought they were pretty much equal, with slightly different angles on stories. But then the whole iPhone 4 debacle came about and Gizmodo showed their true colors. I have since stopped visiting Gizmodo, and I have been paying more attention to how these sorts of blogs handle themselves. I must say that Engadget is far and above Gizmodo on professionalism. I haven't missed Gizmodo one bit since I stopped visiting.

Just see how Giz handled this story vs. Engadget.
     
Eug  (op)
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Jun 10, 2010, 01:53 PM
 
AT and T Said to Expose iPad Users’ E-Mail Addresses - NYTimes.com

But experts said that ICC-ID numbers could, in the right hands, be used to get other information, like an iPad’s location.

The breach “should be worrying people a lot,” said Nick DePetrillo, an independent security consultant.

Michael Kleeman, a communications network expert at the University of California, San Diego, said that AT&T should never have stored the information on a publicly accessible Web site. But he added that the damage was likely to be limited.

“You could in theory find out where the device is,” Mr. Kleeman said. “But to do that, you would have to gain access to very secure databases that are not generally connected to the public Internet.”
     
-Q-
Moderator
Join Date: Jan 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Jun 10, 2010, 02:47 PM
 
Originally Posted by ::maroma:: View Post
I must say that Engadget is far and above Gizmodo on professionalism. I haven't missed Gizmodo one bit since I stopped visiting.
I stopped visiting Giz as soon as they pulled that lame stunt at CES years ago. With the wife being an event planner, I know far too well the amount of effort that goes into putting together a trade show booth. They don't need jackasses like those that work for Gizmodo making it more difficult. Not to mention their actions damaging the reputations of other web-only news organizations and making them appear less professional than their print-based colleagues.

And that security breach should be a black eye on AT&T, not Apple. What the heck did Apple do, other than trust AT&T to not be morons with data security?
     
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Status: Offline
Reply With Quote
Jun 10, 2010, 03:08 PM
 
Yeah, its clear that Gawker has a grudge against Apple, as well as Apple having a grudge against Gawker. So far Apple has acted in a more professional manner over this whole thing (surprise surprise!).

As far as this security breach goes, I'm not too worried about it (as an iPad owner). So someone might have my email address? Wow, thousands of spammers already have my email address. Big deal. If the "hackers" get more sensitive information, then I might start to worry. So far its just email addresses, right? *yawn*
     
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Status: Offline
Reply With Quote
Jun 10, 2010, 04:46 PM
 
Originally Posted by ::maroma:: View Post
Yeah, its clear that Gawker has a grudge against Apple, as well as Apple having a grudge against Gawker. So far Apple has acted in a more professional manner over this whole thing (surprise surprise!).

As far as this security breach goes, I'm not too worried about it (as an iPad owner). So someone might have my email address? Wow, thousands of spammers already have my email address. Big deal. If the "hackers" get more sensitive information, then I might start to worry. So far its just email addresses, right? *yawn*
Apple at least certainly has a good reason. Gawker could have reacted in a million better ways, possibly leading to them getting to that "inner circle" of journalists with pre-release access (think mossberg, pogue, etc). They went in with a "nothing to lose" attitude and found out exactly how much they could lose.
     
Eug  (op)
Clinically Insane
Join Date: Dec 2000
Location: Caught in a web of deceit.
Status: Offline
Reply With Quote
Jun 10, 2010, 10:16 PM
 
FBI Opens Probe of iPad Breach - WSJ.com

The Federal Bureau of Investigation has opened an investigation into a possible security breach of AT&T Inc.'s website that exposed the email addresses of some owners of Apple Inc. iPad devices.

"The FBI is aware of these possible computer intrusions and has opened an investigation," said Katherine Schweit, an FBI spokeswoman. Ms. Schweit said the FBI began the investigation Thursday but wouldn't comment on what the bureau is looking at. "It's very early in the investigation," she added.
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Jun 10, 2010, 10:29 PM
 
Originally Posted by -Q- View Post
And that security breach should be a black eye on AT&T, not Apple. What the heck did Apple do, other than trust AT&T to not be morons with data security?
For those who understand the story it's clear that it's AT&T's fault. But for the ignorant media that associates anything iPad with Apple, an iPad related data breach becomes Apple's fault.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 12:48 PM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2