A network security flaw exposed iPad users personal information reported Gawker, that exposed email addresses and ICC network IDs of over 114,000 iPad users.
AT&T apologized and said it would inform customers who had been affected by the breach. AT&T has corrected the problem.
Goatse Security, wrote a script that harvested iPad 3G owners' ICC-IDs and email addresses by exploiting a security hole in an AT&T website. (An ICC-ID, is an integrated circuit card identifier used to identify the SIM with a subscriber.)
To get the AT&T's servers to respond, the security group sent an
iPad-style "User agent" header in their PHP web request.
AT&T responded with this email:
"AT&T was informed by a business customer on Monday of the
potential exposure of their iPad ICC IDS. The only information that can
be derived from the ICC IDS is the e-mail address attached to that
device.
This issue was escalated to the highest levels of the company and was
corrected by Tuesday; and we have essentially turned off the feature
that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose
e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this
problem, we apologize to our customers who were impacted."
Gawker claims it was informed of the flaw and given a list of the
email addresses--which include addresses of celebrities, politicians and
chief executives--by a group of hackers.Gawker also claims that the hackers did contact AT&T.