Hackers found a way in to AT&T's iPad 3G registry and, using a brute-force attack based on unique ICC-ID numbers, managed to pull down corresponding email addresses for those users -- who include members of the US military, executive branch, and media companies.
AT&T has since closed the vulnerability and issued the following statement:
"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
So once again it's the convenience of the cloud vs. the security of customer information. Increasingly we're trusting online accounts and services with our personal and financial information, and high-profile incidents like this, if nothing else, force everyone to re-examine what we trust and with whom.
How serious is this loss of data to you? Does it make you hesitant to signup online or on-device?
[Gawker, who curiously cal]