US prosecutors have charged two people with stealing email addresses and other data of about 120,000 users of Apple's iPad after finding a security weakness in AT&T servers.
Prosecutors said the criminal charges arise from a "brute force" hacking over several days last June that affected iPad users who accessed the Internet through AT&T's 3G network.
Among the possible victims were celebrities, businesses executives and government officials like New York City Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, movie mogul Harvey Weinstein and perhaps then-White House Chief of Staff Rahm Emanuel, prosecutors said.
Daniel Spitler and Andrew Auernheimer, the defendants, were each charged with one count of fraud and one count of conspiracy to access a computer without authorisation.
Prosecutors said both defendants were associated with Goatse Security, a group of "self-professed Internet 'trolls'" who try to disrupt online content and services, and which last June revealed the hacking.
They said Auernheimer has bragged in published interviews about his trolling activities.
Lawyers for the defendants could not immediately be located. Apple spokeswoman Trudy Muller and AT&T spokesman Mark Siegel declined to comment.
Responding to an email request for comment to Goatse, Sam Hocevar, a member of Goatse's "team" according to the group's website, confirmed the charges relate to the June hacking. He said he did not have additional information.
Apple launched the iPad last April, and industry analysts on average expect the company to have sold 5.5 million of the tablet computers in its fiscal first quarter, which includes the holiday shopping season.
According to the complaint, the defendants used an "account slurper" to conduct a "brute force attack" on AT&T servers, randomly guessing at user data until it could match names with emails.
Spitler and Auernheimer then supplied the stolen data to the gossip website Gawker, which published some of the detail, prosecutors said.
AT&T was Apple's partner in the United States to provide wireless service on the iPad. After the hacking, it shut off the feature that allowed email addresses to be obtained.
Spitler is expected to appear later Tuesday in federal court in Newark, New Jersey. Auernheimer is expected to appear in a Fayetteville, Arkansas federal court.
The case is U.S. v. Spitler et al, U.S. District Court, District of New Jersey, No. 11-mag-04022.
(Reporting by Jonathan Stempel in New York; Additional reporting by Sinead Carew, editing by Dave Zimmerman and Derek Caney)