AT&T-iPad 3G Security Breach: Over 100,000 Apple iPad 3G Owners' Data Exposed

A recent attack of AT&T's servers resulted in the harvesting of over 100,000 e-mail addresses belonging to owners of the new Apple iPad 3G which went on sale April 30th.

Email addresses of 114,000 people were compromised on Wednesday from what was identified as a 'Brute force' attack on poorly designed software used by AT&T on their servers. The hackers responsible for scraping the email address data is known as the Goatse Security group which is composed of about nine individuals.

The attack was first confirmed on Wednesday by AT&T to the technology blog Gizmodo.

Security researches have reportedly said that this was no classic hack, breach or infiltration that we have seen happen in the past for theft of email addresses. Basically, this attack was the result of a poorly designed web application that returns email addresses when a unique SIM card number is passed to it. This number used is known as an ICC-ID (Integrated Circuit Card Identifier) or what is also known as the number of the mobile devices' SIM card, such as the one found in the iPad 3G, is assigned for identification purposes.

The email address, used by iPad 3G customers when they signed up for a wireless data plan with AT&T, was the one scraped in the attack. This email address is used to populate one of the two log-in fields in the iPad's settings screen so each user has to enter only one password to check their account status. The other field is populated by the SIM card's 19-digit ICC-ID.

Some of the email addresses harvested belonged to White House Chief of Staff Rahm Emanuel, ABC News Anchor Diane Sawyer and even New York Mayor Michael Bloomberg. The hackers managed to harvest some of the email addresses by guessing the ICC-ID numbers of iPad 3G owners based on known IDs from iPad images posted online.

AT&T said in a statement, "We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained." They also disclosed "We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."

Is their any company that you trust with your personal information nowadays?