Related Links

Top 5 Stories


AT&T hit by another data breach

16 June 2010

Within days of researchers from Goatse Security finding a flaw in AT&T's website that exposed the e-mail addresses of over 100 000 iPad users, AT&T account information is being leaked.

AT&T customers logging into their accounts to pre-order the Apple iPhone 4 reported that they were given access to the account information of other customers.

Despite entering their own usernames and passwords, the AT&T system would take them to another user's account, according to gadget blog Gizmodo, which broke the news.

Some users said when they refreshed the web page, the site returned the correct account information.

AT&T said told Gizmodo that it could not replicate the problem but noted that reports of the problem indicated some data, such as social security numbers and credit card numbers, was not disclosed.

The incident comes just days after AT&T apologised for a leak that disclosed e-mail address for more than 100,000 iPad customers, including top business executives, and government and military officials.

But the company blamed the incident on the Goatse Security researchers who uncovered a flaw in AT&T's website.

The email addresses were disclosed after the researchers discovered that entering a serial number for an iPad SIM card into an application on AT&T's website would reveal the owner's email address.

They wrote a script that would randomly generate serial numbers and submit them to the website, collecting the email addresses that it returned.

AT&T has said it plans to prosecute Goatse Security, but the group insists it did not break the law and that it acted in the public interest.

The FBI has confirmed that it is investigating the incident to find how private information about iPad users was compromised and whether the actions of the Goatse researchers constitute a crime.

This story was first published by Computer Weekly

This article is featured in:
Data Loss  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×