Search Form

AT&T website scraped to reveal iPad 3G owners’ email addresses

by Michael Rose (RSS feed) on Jun 9th 2010 at 7:30PM

Unfortunately for AT&T’s security infrastructure — and equally unfortunately for customers who bought and activated iPad 3G units on the company’s network — a freelance security research team has reportedly scraped two key tidbits of information from thousands of iPad registrations. As Gawker reports, the hackers exploited a script on AT&T’s site by feeding it ICC-IDs (the GSM SIM card’s identifier code) harvested from iPad user screenshots and interpolated to cover a wider range. The AT&T site obligingly gave back the email address associated with each of the ICC-IDs.

While there’s no specific security risk associated with the pairing of ICC-ID and the email address of a subscriber — other than the likelihood of spam or the possibility of phishing — it’s still a bad, bad thing to be giving away customer data out the front door. How many pairs of IDs and emails did the gang at Goatse Security (yes, that’s their name) manage to collect before AT&T became aware of their activities? About 114 thousand….


2 Comments... What's your say?

  1. found your site on today and really liked it.. i bookmarked it and will be back to check it out some more later

  2. Terrific work! This is the type of information that should be shared around the web. Shame on the search engines for not positioning this post higher!

Join in, share your thoughts

You must be logged in to post a comment.