Roughly 114,000 Apple iPad users’ e-mail addresses were leakedthis week, and now the FBI is looking into the matter to determine the threat level. Given the iPad’s stunning popularity and the frightening number of affected owners, many questions need answering. Here’s a FAQ about Apple and AT&T’s new relationship with federal investigators.
Basically, a group of hackers discovered a flaw on AT&T’s Web site, stole a ton of iPad owners’ identifying information, and gave the data to a popular blog. The security hole has since been plugged.
The hackers go by the name Goatse Security and have previously been responsible for unearthing vulnerabilities in Web browsers and in Amazon’s community ratings system, according to Valleywag.
Goatse found a buggy Web application on AT&T’s Web site that returned an iPad user’s e-mail address when it was sent specially written queries. These queries involved ICC-IDs (Integrated Circuit Card Identifiers) — unique numbers given to iPad owners that identify iPads connected to AT&T’s mobile network. Goatse then wrote an automated script that repeatedly sent thousands of random ICC-IDs, downloaded the e-mail addresses, and then gave them to the Gawker sister site Valleywag.
Gawker is a parent of the tech blog Gizmodo, which made headlines by nabbing an iPhone 4 way before its official release.
Only those with 3G iPads were struck. Here’s a condensed list of victims, courtesy of The New York Times:
- Military personnel
- The Senate
- The House
- The Justice Department
- The New York Times Company
- Dow Jones
- Condé Nast
- Time Warner
- The News Corporation
Celebrities such as Diane Sawyer also stomached the blow.
Valleywag points out that the e-mail list includes people privileged enough to receive an iPad prior to its wide release. This is not to say average iPad owners were not affected — that information cannot be confirmed.
Who’s to Blame?
First and foremost, it’s pretty clear that AT&T shoulders most of the responsibility for this incident, and the company admits as much. “We apologize that this happened. Nothing is more important to us. It’s the No. 1 priority, protecting customer privacy,” AT&T spokesperson Mark Siegel told CNET. Another AT&T spokesperson sponged blame from Apple’s corner by saying, “This is an AT&T issue … and people should feel comfortable using their iPads.”
Aside from apologetic promises to inform customers who were impacted, AT&T hasn’t said much, and Apple hasn’t uttered a word to any news organization.
The FBI’s blurb was also succinct: “The FBI is aware of these possible computer intrusions and has opened an investigation,” FBI spokesperson Katherine Schweit told The Wall Street Journal. “It’s very early in the investigation,” Schweit adds.
This public failure certainly won’t bode well for Apple and AT&T. Though reports suggest that AT&T has an exclusive on Apple’s iPhone until 2012 (despite rumors of an upcoming T-Mobile iPhone), and, currently, AT&T is the only mobile data provider for the iPad, the relationship may already be headed towards “I’m just not that into you” territory. At this year’s D8 conference, Steve Jobs delivered a sly dig at AT&T’s widely-loathed network. Jobs also experienced multiple connectivity failures at the unveiling of the iPhone 4, and though those were related to Wi-Fi signals, that didn’t stop an audience member from shouting “Verizon!”