Vulnerability researchers Goatse Security claim to have found a security flaw in AT&T's protocols that has given access to the personal data of over 114,000 iPad buyers.
According to Gawker the group ran an open script on AT&T's web site which would pass on the email addresses of owners based on the ID number of their 3G iPad.
By guessing an ID number range from publicly available web site images the team wrote a PHP script which then harvested email addresses from a huge number of iPad 3G owners.
The total bag came to 114,067 buyers, including the address for the White House chief of staff Rahm Emanuel, the head of the US B1 strategic bomber group and numerous executive in Apple, Google, Microsoft and Amazon.
Also included were executives at the New York Times, Dow Jones, Viacom, Time Warner, News Corporation and staff officers in the Senate, the House of Representatives, the Department of Justice, NASA and the Department of Homeland Security.
There is no currently known way to use AT&T ID codes for accessing data on the iPad but researchers at Goatse Security reportedly expressed concerns that the vulnerability, coupled with existing problems in the safety of GSM for reliable data transfer, could leave more data open to hacking.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
