Skip to main content

100,000 Apple iPad owners' details exposed

A security breach has exposed over 100,000 iPad owners security details, in a cock-up that seems to be the fault of the device's U.S. carrier AT&T.

According to Gawker (opens in new tab) the data were snaffled up by a "web security group", Goatse Security. (opens in new tab)which showed the results of it activities to the news site as well as notifying AT&T of the breach.

The, um, not-really-hackers obtained the data through a script on AT&T's website, apparently accessible to anyone on the Internet.

With a bit of jiggery-pokery they were able to download email addresses and information about some 114,067 iPad 3G users.

Gawker had a poke about in the data and found an elite bunch of early adopters, including military officials at DARPA, the research division of the Department of Defense, the chief of the U.S.' equivalent of bomber command, top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst. Alos identifyable on the list were folk at Google, Amazon, Microsoft and AOL, and government officials from the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others.

Although there is evidence that 114,000 user accounts were compromised, it remains possible that confidential information pertaining to every iPad 3G owner in the U.S. has been exposed.

Apple is yet to comment on the cock-up, but AT&T released the following statement:

"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

"The person or group who discovered this gap did not contact AT&T. We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

"We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted." monitors all leading technology stories and rounds them up to help you save time hunting them down.