SAN FRANCISCO AT&T Inc. on Wednesday acknowledged a security weak spot that exposed the e-mail addresses of apparently more than 100,000 users of Apple Inc.'s iPad, a breach that could make those people vulnerable to precision-targeted hacking attacks.
The vulnerability only affected iPad users who signed up for AT&T's "3G" wireless Internet service.
It involved an insecure way that AT&T's website would prompt iPad users when they tried to log into their AT&T accounts through the devices. The site would supply users' e-mail addresses, to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads. SIM cards are used to tell cell-phone networks which subscriber is trying to use the service.
The hacker group that claims to have discovered the weakness the group calls itself ****** Security said it was able to trick AT&T's site into coughing up more than 114,000 e-mail addresses, including those apparently of famous media personalities and important government officials.
A representative for the group told The Associated Press late Wednesday that the group contacted AT&T and waited until the vulnerability was fixed before going public with the information. AT&T said the problem was fixed Tuesday but that it was alerted to it by a business customer.
Gawker Media Inc.'s Valleywag website earlier reported on the breach.
AT&T said it will notify all iPad users whose e-mail addresses may have been accessed.
"We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted," the company said in a statement.
AT&T noted that the only information hackers would have been able to steal using this attack were users' e-mail addresses. But that can be enough to launch a highly effective attack, since the attacker also knows that the person receiving the e-mail is an iPad user and an AT&T customer and would expect to receive e-mail from Apple and AT&T about their accounts. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.
An Apple representative deferred requests for comment to AT&T.
http://news.yahoo.com/s/ap/20100610/ap_on_hi_te/us_apple_ipad_data_breach_4
Just saw this in the news.... Please be careful with your email if you may be affected...
The vulnerability only affected iPad users who signed up for AT&T's "3G" wireless Internet service.
It involved an insecure way that AT&T's website would prompt iPad users when they tried to log into their AT&T accounts through the devices. The site would supply users' e-mail addresses, to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads. SIM cards are used to tell cell-phone networks which subscriber is trying to use the service.
The hacker group that claims to have discovered the weakness the group calls itself ****** Security said it was able to trick AT&T's site into coughing up more than 114,000 e-mail addresses, including those apparently of famous media personalities and important government officials.
A representative for the group told The Associated Press late Wednesday that the group contacted AT&T and waited until the vulnerability was fixed before going public with the information. AT&T said the problem was fixed Tuesday but that it was alerted to it by a business customer.
Gawker Media Inc.'s Valleywag website earlier reported on the breach.
AT&T said it will notify all iPad users whose e-mail addresses may have been accessed.
"We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted," the company said in a statement.
AT&T noted that the only information hackers would have been able to steal using this attack were users' e-mail addresses. But that can be enough to launch a highly effective attack, since the attacker also knows that the person receiving the e-mail is an iPad user and an AT&T customer and would expect to receive e-mail from Apple and AT&T about their accounts. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.
An Apple representative deferred requests for comment to AT&T.
http://news.yahoo.com/s/ap/20100610/ap_on_hi_te/us_apple_ipad_data_breach_4
Just saw this in the news.... Please be careful with your email if you may be affected...
