Apple iPad users' e-mail addresses harvested by hackers

Will New York Mayor Michael Bloomberg be concerned about his email address being revealed?

The US telephone company AT&T has blocked access to a website feature that revealed details of at least 114,000 iPad users' e-mail addresses.

Contact details for a range of high-profile figures, including White House Chief of Staff Rahm Emanuel, are believed to be among those disclosed.

Hackers calling themselves Goatse Security revealed the flaw and shared the data with Gawker Media.

Experts played down the risks, saying little critical data had been lost.

AT&T, which is the only network offering iPad 3G services in the United States, said it would notify all iPad users whose e-mail addresses may have been accessed.

"We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted," the company said in a statement.

The vulnerability only involved iPad users who had signed up for AT&T's 3G wireless service. iPad users outside of the US were unaffected.

Site bombarded

The breach involved a feature of AT&T's website, which would prompt users when they tried to log in to their AT&T accounts through their iPad.

The site would supply e-mail addresses for users, to enable easier log-in, based on a unique code stored in their iPad SIM card.

The hacker group which claims to have discovered the flaw simply bombarded the site with thousands of requests containing made-up codes, masquerading as valid requests from iPads.
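The pattern described above, one client presenting many different codes with most of them unknown, is visible in server logs. The following detection sketch is an added example, not part of the original article and not AT&T's code; the log format, the `/prefill` path, the `code` parameter, the use of HTTP 404 for an unknown code and the thresholds are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format: ISO timestamp, client IP, request, HTTP status.
LINE = re.compile(r"^(\S+) (\S+) GET /prefill\?code=(\w+) (\d{3})$")

# Constructed sample: one client walks through made-up codes, another
# repeatedly presents the single code that belongs to its own device.
SAMPLE_LOG = [
    f"2024-01-01T10:00:0{i} 198.51.100.7 GET /prefill?code=TEST{i:04d} {status}"
    for i, status in enumerate([404, 404, 200, 404, 404, 404, 200, 404])
] + [
    f"2024-01-01T10:0{i}:30 203.0.113.20 GET /prefill?code=TEST9999 200"
    for i in range(3)
]

def find_enumerators(lines, window=timedelta(minutes=1),
                     min_codes=5, min_miss_ratio=0.5):
    """Map client -> (distinct codes, miss ratio) for the window with the most
    distinct codes in which the client tried >= min_codes, mostly unknown."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines for other endpoints or malformed lines
        ts, client, code, status = m.groups()
        per_client[client].append((datetime.fromisoformat(ts), code, int(status)))

    flagged = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            codes = {code for _, code, _ in span}
            ratio = sum(1 for _, _, s in span if s == 404) / len(span)
            if len(codes) >= min_codes and ratio >= min_miss_ratio:
                if len(codes) > flagged.get(client, (0, 0.0))[0]:
                    flagged[client] = (len(codes), ratio)
    return flagged

if __name__ == "__main__":
    for client, (codes, ratio) in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {codes} distinct codes, {ratio:.0%} unknown")
```

Alerting of this kind only shortens the time to notice; the underlying fix is for the server not to return an e-mail address to a request that has not been authenticated as coming from that account's owner.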

Gawker Media, which has seen the list of e-mail addresses, said it "includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg".

A representative for Goatse Security told the Associated Press that the group contacted AT&T and waited until the vulnerability was fixed before going public.

But AT&T said that it was alerted to the problem by a business customer.

Risk of attack

One concern raised by security experts is that cybercriminals might mount so-called phishing attacks.

They could theoretically create genuine-looking e-mails in the knowledge that individuals are iPad users and customers of AT&T, thereby tricking some into revealing further, more useful confidential details.

But if you know the organisation somebody works for, e-mail addresses are often also quite easy to guess, so the value of the e-mail address data has been questioned.

Paul Ducklin, a technology expert from security firm Sophos, also pointed out in a blog entry: "Your e-mail address is revealed on the internet every time you use it to send e-mail.

"Whilst this breach is serious for having occurred, there does not seem to be any national security risk arising as a result, whether White House staffers were involved or not."

BBC © 2014