AT&T Security Breach Exposes Thousands Of iPad Owners’ Emails (But Luckily, Little Else)

AT&T Security Breach Exposes Thousands Of iPad Owners’ Emails (But Luckily, Little Else): "

A security flaw in one of AT&T’s customer-identification scripts has allowed a group of 4chan-associated hackers to extract as many as 114,000 email addresses of iPad owners. AT&T has apologized and explained the flaw and data leaked. Essentially, a bit of open information (the SIM card’s ICC-ID) was tied to a piece of private information (the iPad owner’s email address) so that on encountering certain AT&T fields, it would automatically fill in the field with the appropriate email. Think the “Remember this password?” notifications that pop up when you register for a site, but a little more low-level.


The hackers, a group known as Goatse Security (I’ll let you work out the reasoning for the name yourself), organized a brute-force attack in which they pummeled a public AT&T script with semirandom ICC-ID numbers, which would return nothing if invalid but an email address if valid. A few hours later, they had the ICC-IDs and email addresses of everyone from Michael Bloomberg and Diane Sawyer to a Mr. Eldredge, who commands a fleet of B-1 bombers.


Continue reading…








"

Please "Like" Us - In upper left Corner

Blog Archive