The email addresses of more than 114,000 Apple iPad users, including celebrities and politicians, have been exposed in a targeted hacking attack in the US.
The massive security breach leaves all of those affected open to spam and malicious hacking.
The vulnerability affected only iPad users who signed up for AT&T's 3G wireless internet service.
A hacker group that calls itself Goatse Security claims to have discovered the weakness by tricking AT&T's site into giving up the email addresses.
iPad users in the UK will not have been exposed as the breach was an issue with AT&T's security procedures rather than with Apple itself.
The pile of paper containing more than 114,000 email addresses that was passed to website Gawker by a hacking group.
AT&T admitted today that the security weak spot involved an insecure way in which its website prompted users when they tried to log into their AT&T accounts through their iPad.
The site would supply users' email addresses to make log-ins easier, based on unique codes contained in the SIM cards inside their iPads.
White House Chief of Staff Rahm Emanuel and New York Mayor Michael Bloomberg were among those listed.
The emails of CEOs and executives of companies like The New York Times, Time Inc. and Dow Jones as well as senior military personnel were also compromised.
The list was passed to Gawker's Valleywag technology website.
Gawker is part of the same group as Gizmodo, which has been in a running battle with Apple over the past few months after it picked up a prototype iPhone 4 which had been left in a bar by a member of Apple's staff.
A representative for the Goatse group said today they had contacted AT&T and waited until the vulnerability was fixed before going public with the information.
Victims: New York Mayor Michael Bloomberg and Chief of Staff Rahm Emanuel are among those who have been targeted in the hack
AT&T issued a statement which said: 'AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDs. The only information that can be derived from the ICC IDs is the e-mail address attached to that device.
'This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
'The person or group who discovered this gap did not contact AT&T.
'We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDs may have been obtained.
'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'
Even though only email addresses have been exposed, they can still be used to launch an attack.
Criminals could use that knowledge to trick those affected into opening emails that plant malicious software on their computers.
Apple refused to comment on the breach.
Apple has sold more than two million iPads since they went on sale two months ago.
The iPad comes in two different set-ups - one that only connects to the internet via wi-fi, and another that also can connect through AT&T's 3G network. The wi-fi-only models are not affected by the breach.
Apple's iPad has been at the centre of a security breach in the US