June 10, 2010 1:59 am

AT&T confirms breach of iPad buyer data

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments

AT&T confirmed late on Wednesday that it had found a flaw in its website that could be exploited by hackers to obtain a limited amount of information about some purchasers of Apple’s iPad device.

The US telecoms company refused to comment, however, on claims by a security outfit called Goatse Security that it had been able to use the flaw to obtain information about 114,000 iPad owners.

AT&T’s admission about the embarrassing security glitch came after the Valleywag internet blog published Goatse’s claims that it had obtained personal e-mail addresses, as well as the unique codes, known as ICC-ID numbers, of the SIM cards inside iPads running on the AT&T network.

AT&T confirmed that the vulnerability exposed these two types of information, though it said it was still investigating the claims of a security breach. It said it had been informed of the vulnerability by a business customer on Monday, and that the problem had been “escalated to the highest levels of the company”.

It added that it had “corrected’ the problem on Tuesday after it “essentially turned off the feature that provided the e-mail addresses”, though it refused to give further details.

Goatse claimed to have used a so-called “scripting” attack to gather information about AT&T’s iPad customers. This is a common method for hackers to penetrate websites; such attacks involve planting code on a site that can then track sensitive information about other users.

Copyright The Financial Times Limited 2016. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.

  • Share
  • Print
  • Clip
  • Gift Article
  • Comments

EMAIL BRIEFING

Sign up to #techFT, the FT's daily briefing on tech, media and telecoms.

Sign up now

NEWS BY EMAIL

Sign up for email briefings to stay up to date on topics you are interested in

SHARE THIS QUOTE