Web security group Goatse Security discovered that a security flaw in the website of iPad carrier AT&T means that every iPad 3G owner in the US could be vulnerable to spam and malicious hacking, according to US reports.
Goatse obtained the iPad user data through a script on AT&T's website, which it claims is accessible to anyone on the internet.
Apple has yet to comment, but AT&T issued a statement that acknowledged the leak but said the risk was limited to the iPad subscriber's email address and the issue had been "escalated to the highest levels of the company".
The company said the vulnerability has been dealt with by turning off the feature that provided the email addresses.
"We are continuing to investigate and will inform all customers whose e-mail addresses may have been obtained", AT&T said.
Apple has sold more than two million iPads since the device went on sale in the US at the start of April, but analysts said the leaks could slow sales of the more profitable 3G version because of security concerns.
This story was first published by Computer Weekly