AT&T blasts 'hackers' over iPad data breach

AT&T (NYSE:T) blamed "computer hackers" for exposing the email addresses of some Apple (NASDAQ:AAPL) iPad 3G users last week as it sought to explain why the data breach occurred. 

In an email sent to those affected by the security breach, which was first reported last Wednesday, AT&T said that the hackers had "maliciously exploited" a function on its website to allow iPad users to quickly log in.

"AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites," the company said. The flaw came to light after a group of computer security experts called Goatse Security discovered the flaw. The group was able to access the information by creating a program that guessed iPad ID numbers connected to users' email addresses, including those of prominent business leaders, politicians, journalists and those in the military.

The carrier again apologized for the breach and said it will cooperate with any investigation of the incident. The FBI said last week that it was beginning a probe into the matter. The security flaw exposed the email addresses of more than 114,000 customers, and was a public relations black eye for AT&T and Apple.  Apple has sold more than 2 million iPad tablets so far. The email was sent by Dorothy Attwood, AT&T's senior vice president for public policy and chief privacy officer, and said that the security group distributed the lists of email addresses for its own publicity. 

However, Escher Auernheimer, a member of Goatse, defended his group's actions. "If not for our firm talking about the exploit to third parties who subsequently notified them, they would have never fixed it and it would likely be exploited by the RBN or the Chinese, or some other criminal organization or government (if it wasn't already)," he wrote in a blog post. "AT&T had plenty of time to inform the public before our disclosure. It was not done. Post-patch, disclosure should be immediate--within the hour. Days afterward is not acceptable."

For more:
- see this WSJ article (sub. req.)
- see this Reuters article
- see this ZDNet post

Related Articles:
FBI probing AT&T iPad security breach
iPad security flaw exposes subscriber data
Apple sells 2M iPads in 60 days
Apple unveils tablet, dubbed iPad, starting at $500