jlibuszowski (1830100) writes "In what is one of the largest email breaches in recent history, nearly 114,000 iPad 3G email addresses have been compromised. The breach was carried out by a group calling themselves Goatse Security (http://security.goatse.fr/), who claimed to have been able to carry out the compromise of emails of some high-ranking military and corporate officials. So how was Goatse Security able to get their hands on this enormous amount of data? Well, each iPad device has a unique ICC-ID, an internal chip that corresponds with the SIM number of the device. The group was able to harvest a large group of ICC-IDs by guessing the algorithm based on known IDs from iPad pictures posted online. And apparently AT&T left a script open on their public website, which, when handed an ICC-ID (Integrated Circuit Card Identifier), would reply back with the email address of the individual subscriber. Even more troubling, before notifying AT&T about the breach, they shared the exploit with several individuals, so there is no knowing how many people got their hands on the affected data.
Some of the individuals whose email addresses were compromised included White House Chief of Staff Rahm Emanuel, Diane Sawyer of ABC News, Janet Robinson, CEO of the New York Times, and countless other CEOs, CFOs, CTOs, CIOs and military personnel.
How did Goatse get this treasure trove of data? Apparently AT&T left a script on their public website, which, when handed an ICC-ID, would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps.
Further details can be found on Gawker's website at http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed?skyline=true&s=i"