Lax AT&T security blamed for breach of 114,000 iPad owners email addresses

“Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking,” Ryan Tate reports for Gawker.

MacDailyNews Take: Gawker owns Gizmodo, which may or may not explain why Tate tries to claim that Apple has suffered an embarrassment when it was AT&T’s security that was breached.

Tate continues, “The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.”

MacDailyNews Take: Again, Gawker owns Gizmodo, which may or may not explain why Tate maladroitly drops in the non-sequitur about how an “Apple employee lost an iPhone prototype in a bar.” It may also explain his use of the word “lost” as opposed to “stolen and fenced.”

Tate continues, “It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.”

“Goatse Security obtained its data through a script on AT&T’s website, accessible to anyone on the internet,” Tate reports. “When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application.”

Tate reports, “Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It’s unclear of AT&T has notified Apple of the breach… Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been “vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID… as far as I know, there are no vulnerability or exploit methods involving the ICC ID. Another expert, white hat GSM hacker and University of Virginia computer science PhD Karsten Nohl, told us that while text-message and voice security in mobile phones is weak “data connections are typically well encrypted… the disclosure of the ICC-ID has no direct security consequences.”

Full article here.

MacDailyNews Take: Yet another screw up by AT&T used by Gawker to smear Apple. Wholly unsurprising.

[Thanks to MacDailyNews Readers “Fred Mertz” and “Steve” for the heads up.]


  1. its Apple’s fault even though it is unknown if AT&T;has informed Apple of the breach.

    and label it:

    “Apples Worst Security Breach”

    I wonder how much they paid the pretty shady looking Goatse Security org for the info? or if it really happened

    …..what a bunch of A-HOLES at gizmo-gawk

    I am suddenly rooting for the prosecutors……

  2. So, the latest growing trend by all the in tech world, that feel helpless ( and incompetent) in the face of Apple’s paralyzing innovations and trailblazing inroads is to attack and smear without any relationship to truth or fact.

    Apple’s leaving all the competition in the shit hole, because, as always, its easier to imitate and ripoff rather than innovate and invent.

    Well you can fool some people sometimes but not even the dumbed down ones all the time.

    Apple will shine because it produces the best value for your money and the best products ever that anyone and everyone can use and enjoy – out of the box.

    Think Different, all others continue your mundane rhetoric and FUD.

  3. @caddisfly “its Apple’s fault even though it is unknown if AT&T;has informed Apple of the breach.”

    Er, well actually it is Apple’s fault…. WHO made the choice of AT&T;and signed an exclusive contract with them?

    Apple is a fault. They would not be if hey gave their customers freedom of choice in wireless providers.

  4. At first I panicked, but then I realized that I was in elite company. I’m cool with that, especially since it’s your *account* email they may have obtained, not the actual email addresses you use with your iPhone. Your account emaill address should be the one you don’t mind being spammed.

    Also…Goatse Security????

    I can only imagine their logo…their tagline must be “we won’t let this happen to you”.

  5. Gawker should be taken out and shot for misrepresentation and defamation. I could do a better job of reporting than any Gawker hack.

    Truly despicable. I’m boycotting all Gawker news sites forthwith.


  6. My response:
    This article is pathetic. The color of Gawker Media’s “journalism” is pure piss yellow at this point.

    Your loser efforts to smear Apple obfuscate the real issue, and that’s AT&T;security.

    The article’s over bashing of Apple because of an AT&T;leak is so pathetically obvious it makes you look like simpering whiners. Ryan Tate you should be ashamed. Do you really think your readers are this stupid? Do you really think they aren’t snickering at you?

    Are you this bitter for being outed as thieves and lowlives? It’s no one’s fault that you chose to purchase stolen property but your own.

    A professional would simply have said, “Upon reflection, we realize that we were wrong and that our actions were not protected by the shield law and we humbly apologize to all serious journalists for our actions, and of course Apple Computer.” You might have garnered a bit of respect.

    Instead, you blatantly whine like immature children.

    Sad. I for one will be contacting your advertisers and telling them what I think.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.