
AT&T Accidentally Shares 114,000 iPad Email Ad

jlibuszowski (1830100) writes | more than 3 years ago


jlibuszowski (1830100) writes "In what is one of the largest email breaches in recent history, nearly 114,000 iPad 3G email addresses have been compromised. The breach was carried out by a group calling themselves Goatse Security (http://security.goatse.fr/), who claimed to have been able to carry out the compromise of emails of some high-ranking military and corporate officials. So how was Goatse Security able to get their hands on this enormous amount of data? Well, each iPad device has a unique ICC-ID, an internal chip that corresponds with the SIM number of the device. The group was able to harvest a large group of ICC-IDs by guessing the algorithm based on known IDs from iPad pictures posted online. And apparently AT&T left a script open on their public website, which when handed an ICC-ID (Integrated Circuit Card Identifier) would reply back with the email address of the individual subscriber. Even more troubling, before notifying AT&T about the breach, they shared the exploit with several individuals, so there is no knowing how many people got their hands on the affected data.

Some of the individuals whose email addresses were compromised included White House Chief of Staff Rahm Emanuel, Diane Sawyer of ABC News, Janet Robinson, CEO of the New York Times, and countless other CEOs, CFOs, CTOs, CIOs and military personnel.

How did Goatse get this treasure trove of data? Apparently AT&T left a script on their public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps.

Further details can be found on Gawker's website at http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed?skyline=true&s=i"
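
A detection sketch for the pattern the submission describes, one client feeding many guessed, closely spaced identifiers to a lookup script, added here as an example; it is not part of the original submission and not AT&T's code. The log format, thresholds and identifier values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: "client unix_time identifier". Not real data;
# the 19-digit identifiers are made-up placeholders.
SAMPLE_LOG = """\
198.51.100.7 1000 8900000000000000101
198.51.100.7 1001 8900000000000000102
198.51.100.7 1002 8900000000000000104
198.51.100.7 1003 8900000000000000105
198.51.100.7 1004 8900000000000000107
198.51.100.7 1005 8900000000000000108
203.0.113.20 1000 8900000000000731559
203.0.113.20 1900 8900000000000731559
203.0.113.21 1010 8900000000004410023
203.0.113.21 1020 8900000000009120377
"""

def parse(log):
    """Yield (client, time, identifier) from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].isdigit() and parts[2].isdigit():
            yield parts[0], int(parts[1]), int(parts[2])

def flag_enumeration(events, window=60, min_distinct=5, max_step=10, ratio=0.8):
    """Return {client: distinct_ids} for clients that, inside one time window,
    look up many distinct identifiers lying numerically close together."""
    by_client = defaultdict(list)
    for client, ts, ident in events:
        by_client[client].append((ts, ident))
    flagged = {}
    for client, rows in by_client.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans <= window seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            ids = sorted({ident for _, ident in rows[start:end + 1]})
            if len(ids) < min_distinct:
                continue  # a subscriber looking up their own device stays here
            steps = [b - a for a, b in zip(ids, ids[1:])]
            close = sum(1 for s in steps if s <= max_step)
            if close / len(steps) >= ratio:
                flagged[client] = max(flagged.get(client, 0), len(ids))
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(parse(SAMPLE_LOG)))
```

Detection only limits the damage after the fact; the underlying fix is for the script to require an authenticated session and return data only for the identifier bound to that session.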
