Yesterday we reported on a massive security lapse by AT&T that rendered sensitive personal information about tens of thousands of iPad owners vulnerable. Hackers were able to extract 114,000 individual users’ personal email addresses and the IDs used to authenticate them on AT&T’s network.
Some new information has come to light from Gizmodo, detailing how the hackers performed the hack – it’s not pretty reading.
AT&T wanted to offer a convenient way of letting users log into their 3G data plan accounts, auto-populating the user’s email address on the dashboard by referencing the unique identifier (ICC-ID) of the user’s iPad.
The hackers, realizing this, produced a script that utilized brute force techniques to auto-generate thousands of unique ICC-IDs, harvesting email addresses as the script went on.
It’s a situation where you can see what AT&T were trying to do; it’s such a shame that most tech-savvy users would recognize how the email addresses were generated. No passwords were stolen, but that won’t stop thousands of iPad owners from looking at AT&T with even more of a suspicious eye.
Good idea, ultimately flawed. Some would say that is AT&T in a nutshell.
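
On the server side, the harvesting described above looks like one client asking about many different ICC-IDs in a short time, whereas a real iPad only ever presents its own. The following is an added example, not from the original article or from AT&T, of flagging that pattern in request logs; the log format, IP addresses, ICC-ID values and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one request per line:
#   <ISO time> <client IP> <requested ICC-ID> <HTTP status>
# Format, IPs (documentation ranges) and ICC-ID values are made up.
SAMPLE_LOG = """\
2024-01-01T09:00:00 198.51.100.7 89014100000000000017 200
2024-01-01T09:00:30 198.51.100.7 89014100000000000017 200
2024-01-01T09:01:00 198.51.100.7 89014100000000000017 200
2024-01-01T09:00:00 192.0.2.20 89014100000000000500 200
2024-01-01T11:00:00 192.0.2.20 89014100000000000611 200
2024-01-01T13:00:00 192.0.2.20 89014100000000000722 200
2024-01-01T15:00:00 192.0.2.20 89014100000000000833 200
2024-01-01T10:00:05 203.0.113.9 89014100000000000100 404
2024-01-01T10:00:06 203.0.113.9 89014100000000000101 200
2024-01-01T10:00:07 203.0.113.9 89014100000000000102 404
2024-01-01T10:00:08 203.0.113.9 89014100000000000103 200
2024-01-01T10:00:09 203.0.113.9 89014100000000000104 404
2024-01-01T10:00:10 203.0.113.9 89014100000000000105 200
"""

def find_enumerators(log_text, max_distinct=3, window=timedelta(minutes=5)):
    """Return {client: peak distinct ICC-IDs} for clients that asked about more
    than max_distinct different ICC-IDs inside any sliding time window."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, iccid, _status = line.split()
        by_client[client].append((datetime.fromisoformat(ts), iccid))

    flagged = {}
    for client, events in by_client.items():
        events.sort()
        in_window = defaultdict(int)  # ICC-ID -> requests inside current window
        start = peak = 0
        for ts, iccid in events:
            in_window[iccid] += 1
            while ts - events[start][0] > window:  # evict requests that aged out
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[client] = peak
    return flagged
```

On the sample, only the client that walked six different ICC-IDs in six seconds is flagged. The device repeating its own ICC-ID and the address that saw four ICC-IDs spread across a day (for example several devices behind one NAT) are not.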
















And now AT&T is trying to enter the Indian market with this kind of second-rate, fuzzy-logic, time-saving functionality. But Indian hackers would not be so good as to let them know about the flaw in the first place. The damage happens and then AT&T would realize what had happened.
By which time, it would have been too late.
I am not happy about this! I already began receiving spam from hackers using my own email address. Time for a class action lawsuit against AT&T on behalf of affected iPad owners.
Apple needs to stop the nonsense about permitting AT&T 3G services solely by AT&T. I would like to sue them as well.
That’s right, sue AT&T, it’s the American way. AT&T sucks, but suing them because you get spam? Wow… that’s pretty pathetic. I’m talking, pathetic to an extreme degree. Does your momma still dress you?