iPad 3G user e-mail addresses leaked by AT&T servers

@ 2010/06/10
At least 114,000 e-mail addresses and ICC-IDs were leaked by a security hole in AT&T's servers, according to a Valleywag report. The e-mail addresses of numerous government and military officials as well as many Fortune 500 CEOs were among those revealed in the leak.

A group calling itself "Goatse Security" revealed the flaw to Valleywag after using it to harvest thousands of e-mail addresses. AT&T has since closed the hole, but the group said that other hackers who knew how the flaw worked may have exploited it before AT&T fixed it.

A script on AT&T's servers was designed to return an iPad 3G user's e-mail address when presented with a unique ICC-ID—a serial number embedded in the microSIM that identifies a particular iPad to AT&T's cellular network. Goatse Security then guessed a range of valid ICC-ID numbers from some that had been published online (available in screenshots of the Settings app, for instance), and used those to mine AT&T's servers for e-mail addresses.
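
The access pattern described above, one client presenting many different ICC-IDs to a lookup script, stands out in request logs because a genuine device only ever sends its own. The following detection sketch is an added example, not code from the article, AT&T or the group; the `/lookup?iccid=` path, the log format, the thresholds and every log line are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: client [ISO timestamp] "GET /lookup?iccid=<digits> ..." status
LINE = re.compile(r'^(\S+) \[([^\]]+)\] "GET /lookup\?iccid=(\d{19,20}) ')

def parse(lines):
    """Yield (client, timestamp, iccid) for lookup requests; skip other lines."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%Y-%m-%dT%H:%M:%S")
            yield m.group(1), ts, m.group(3)

def find_enumerators(lines, max_distinct=3, window=timedelta(minutes=10)):
    """Return {client: peak distinct ICC-IDs seen in any window} above the limit.

    A genuine device only presents its own ICC-ID, so a client presenting many
    different ones in a short time is walking the identifier space.
    Entries must be in time order per client.
    """
    recent = defaultdict(deque)  # client -> (timestamp, iccid) pairs in window
    peak = defaultdict(int)
    for client, ts, iccid in parse(lines):
        q = recent[client]
        q.append((ts, iccid))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        peak[client] = max(peak[client], len({i for _, i in q}))
    return {c: n for c, n in peak.items() if n > max_distinct}

def sample_log():
    """Constructed log: one ordinary device and one client stepping through IDs."""
    t0 = datetime(2010, 6, 1, 12, 0, 0)
    fmt = '{} [{}] "GET /lookup?iccid={} HTTP/1.1" 200'
    own = 89 * 10**17 + 17  # constructed 19-digit ICC-ID
    lines = [fmt.format("198.51.100.20", (t0 + timedelta(hours=h)).isoformat(), own)
             for h in range(3)]
    lines += [fmt.format("203.0.113.7", (t0 + timedelta(seconds=s)).isoformat(),
                         89 * 10**17 + 100 + s) for s in range(40)]
    lines.append('198.51.100.20 [2010-06-01T15:00:00] "GET /index.html HTTP/1.1" 200')
    return lines

if __name__ == "__main__":
    for client, n in find_enumerators(sample_log()).items():
        print(f"{client}: {n} distinct ICC-IDs within 10 minutes")
```

Detection of this kind complements, and does not replace, requiring authentication before such a script returns an address.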
