Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking. The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.

It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. A call to Rahm Emanuel’s office at the White House has not been returned.

The specific information exposed in the breach included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber. The subscriber data was obtained by a group calling itself Goatse Security. Though the group is steeped in off-the-wall, 4chan-style internet culture—its name is a reference to a famous gross-out Web picture—it has previously highlighted real security vulnerabilities in the Firefox and Safari Web browsers, and attracted media attention for finding what it said were flaws in Amazon’s community ratings system.

Har! Pwned by Goatse for cripes sake! Apple should have known nothing good can come out of a relationship with AT&T.




  1. jbenson2 says:

    Apple should have known nothing good can come out of a relationship with AT&T.

    The Apple fan-boys are already coming out in droves.

    We could set a drinking game – take a drink every time Leo Laporte says it is not Apple’s fault. I figure everyone will be totally wiped after the first hour.

  2. mustardtits says:

    Goatse Security is tied to the Chinese Google debacle and it's even creepier when you find out that they are a subsidiary of tubgirl Interpol.
    While masked, they sail the seas of cheese in a tub.

  3. qb says:

    AT&T’s sites are infamous for their holes.

  4. Dennis says:

    Just start calling it the ‘iPaid’. Maybe this is why they only accepted Credit Cards?

  5. eighthnote says:

    Dear Steve,

    I hope you’re enjoying your bolted-down, closed-off, walled garden as much as all of your (compromised) iPad customers are.

    Have a great day!

  6. dusanmal says:

    “The specific information exposed in the breach included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network” – this is not only an AT&T breach; it is just made popular by the fact that the iPad is popular.
    A few years ago we quit Verizon's ISP service. We started receiving spam e-mails at the ISP e-mail address we had not used a single time (it had been monitored for messages from Verizon only). As these often are, the username was completely random, no guessing it. Worse, the spammers had the real name associated with the account as well! The only way this could have happened is some breach of Verizon's system equivalent to this AT&T breach. Verizon refused to do anything; we assumed that their system was hacked and left…

  7. Mextli says:

    It’s hard to believe this could happen to “thousands of A-listers” and “an elite array of early adopters”. The horror!

  8. Dang! The big reason Apple is more secure than PicoFlaccid is that they have fewer machines out there and are less of a target. I guess this is what comes with selling a million of the things so quickly. Perhaps they should have stuck to the high end machines and not tried to get the low end market as well.

  9. qb says:

    It looks like Goatse Security was extremely ethical about this. They disclosed the vulnerability to AT&T and waited until the hole was fixed before going public.

    But for some reason they didn’t get a thank you from AT&T…

  10. jccalhoun says:

    I’m guessing Leo Laporte ain’t going to be happy since he owned about 100k of the things all by himself…

  11. Uncle Patso says:

    # 11 qb:
    “It looks like Goatse Security was extremely ethical about this.”

    I wonder. The article is not really clear, but it appears to me that it was this “web security group” that did the original hack, and that “the script was shared with third-parties prior to AT&T closing the security hole”!!! That doesn’t sound very white-hat ethical to me — it sounds like a bunch of adolescents boasting about their exploits to their buddies, showing the hacker community how it was done, then notifying AT&T. People have gone to jail for years for less! I recommend each and every one of those guys put a good lawyer on speed-dial. Maybe they can pool their allowances and go in together on one…

  12. god says:

    No one here apparently knows anything about computing, telecommunications, commerce, or responsibility. But, then, no surprise either.

    Everyone rants about Apple. The system compromised was AT&T.

    Most of the commenters over at Gawker – who did turn this up – rant about Gawker’s sophistry in making this an Apple issue. Which obviously appeals to the same hangups here.

    Nothing results from this “stupendous” hack other than uncovering a lot of public email addresses. Whoop-de-doo.

    Gee, do you think someone might receive spam for the first time in their online life?

    The hack of the century – for dimwits who know nothing of either hacking or social engineering. You lot are so easy to manipulate.

  13. The0ne says:

    Surely you jest us with this news. Apple is spam, virus, and Gods know whatever free that Jobs keeps telling the sheep.

  14. MikieV says:

    haters gonna hate

  15. jbenson2 says:

    Jobs is doing a good job keeping this security problem under wraps.

    The Mainstream Media seems to be avoiding any reporting on the screw up.

  16. Floyd says:

    “Everyone rants about Apple. The system compromised was AT&T.”

    True. However, if Apple has designed iPads and iPhones to only use AT&T, then all iPhones and iPads are compromised. Get Jobs and his tap dancing ways out of there, and call in Steve Wozniak (and some others) to figure out how to engineer a secure system for these toys.

  17. Airsick says:

    They should have stored the data on Macs. I hear those things are IMPOSSIBLE to hack.

