The group, which calls itself Goatse Security and has pointed out vulnerabilities in the Firefox and Safari browsers before, got the data through a script on AT&T’s website. The script would return an e-mail address associated with a numerical iPad ID, which Goatse hackers guessed for thousands of accounts.
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":189816,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,social,","session":"D"}']Gawker tested the data by contacting some of the people on the list and verifying their iPad IDs and e-mail addresses. The list they received also included many military accounts, pictured below.
[Update: AT&T said the loophole was closed after the company was informed by one of its business customers about the issue, not a member of a hacker group. It added that the only information that could have possibly been exposed was a person’s e-mail address.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
“This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses,” a company spokesperson said.]
For more detail on how it worked, check out Gawker’s coverage here.
[Photo: plasmastik]
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More