AT&T sends apology email to customers affected by iPad 3G security breach

[Thanks, Brad]
June 13, 2010
Dear Valued AT&T Customer,
Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved. We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.
Here's some additional detail:
On June 7 we learned that unauthorized computer "hackers" maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.
The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.
As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.
I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.
While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.
AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.
AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe. Thank you very much for your understanding, and for being an AT&T customer.
Sincerely,
Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T
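The letter describes clients guessing ICC-IDs at random until one matched a real SIM. From the defender's side that pattern stands out in request logs: one client asking about many different ICC-IDs, most of them misses. The sketch below is an added example, not AT&T's code; the log format, the `/login?iccid=` path, the thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (not real data). Assumed line format:
#   <epoch-seconds> <client-ip> <request-target> <hit|miss>
# "hit" means the page came back with an email address pre-populated.
SAMPLE_LOG = """\
1000 198.51.100.7 /login?iccid=8901410000000000011 hit
1002 203.0.113.5 /login?iccid=8901410000000000501 miss
1003 203.0.113.5 /login?iccid=8901410000000000502 miss
1004 203.0.113.5 /login?iccid=8901410000000000503 hit
1005 203.0.113.5 /login?iccid=8901410000000000504 miss
1006 203.0.113.5 /login?iccid=8901410000000000505 miss
1007 203.0.113.5 /login?iccid=8901410000000000506 miss
1500 198.51.100.7 /login?iccid=8901410000000000011 hit
1900 192.0.2.9 /login?iccid=8901410000000000021 hit
5000 192.0.2.9 /login?iccid=8901410000000000022 hit
"""

def parse(line):
    """Split one log line into (timestamp, client, iccid, was_hit)."""
    ts, ip, target, outcome = line.split()
    iccid = parse_qs(urlsplit(target).query).get("iccid", [""])[0]
    return int(ts), ip, iccid, outcome == "hit"

def find_enumerators(log_text, window=60, max_distinct=3):
    """Return {client: (distinct_iccids, misses)} for clients that queried
    more than max_distinct different ICC-IDs inside any `window` seconds.
    A real device asks about its own SIM, so it stays at one ICC-ID."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, iccid, hit = parse(line)
            events[ip].append((ts, iccid, hit))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            distinct = len({iccid for _, iccid, _ in span})
            if distinct > max_distinct and distinct > flagged.get(ip, (0, 0))[0]:
                flagged[ip] = (distinct, sum(1 for _, _, h in span if not h))
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Detection like this only shortens the exposure window; the fix the letter describes, no longer returning the email address for a bare ICC-ID, is what removes the leak.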

AT&T will never give you up.
@Rick Astley
They're also never gonna let you down.
@Rick Astley Yes, but would they never let you down?
@Waltah
Damn, I just got Rickrolled.
@Waltah lol, you beat me to it. I'm gonna go tell a lie and desert some people.
@Rick Astley is that how you roll.. Rick?
@N900
Just so you never say goodbye.
@Rick Astley but unfortunately, they will drop you.
Your call that is.
@Rick Astley
lol your name
never gonna give you up :P
@Rick Astley
Question is, do you know the rules?
Best Thread Ever
@Waltah
Name a time when AT&T didn't let you down.
They're never gonna give you up because you have a contract.
@kealexyahoocom
at least you got 2 GB of ram, I hope it is 2GB of RAM.
I finally got my answer: IPAD only has 256 of RAM, seems small to me, even using SSD for the rest, SSD is not fast enough
@Rick Astley
FUCK AT$T!!
i'm actually impressed at the level of detail and explanation in that email
@nerd
Yes. They are very, very sorry and will make every effort to make sure it does not happen again. Until the next time.
It's definitely a security breach, but if all they got were email addresses it could have been worse.
@Waltah
That's what I'm thinking.... hopefully it really was just emails...
@Waltah
The Dead Sea Scrolls held information for a couple of thousand years, I wonder what they will find in iPads 2 thousand years from now.
@MrJimlad
An iPad won't last that long...
hope they used BCC
@goseki YOU WIN!!! LMAO
VERIZON!!!!!!!!!!!!
@ngko
Were you at WWDC this year? :)
Free and AT&T. Two words in the English language that will never be used together.
@Big Wizz
Hey now, that's not true! Basic Voicemail is free;)
@Big Wizz Visual voicemail on iPhone is free. Verizon charges for such a luxury ;)
@itsGLORIOUS
if you call $15-$30 data charge "free" then yeah, visual voicemail is "free." as if any carrier would just give you a service for free. you're PAYING for it.
At least they won't have a hard time finding the emails *snicker* ;)
VERIZON!! I LOVE THAT GUY (during wwdc)
how about giving me a discount you pricks
Hopefully they'll still have access to their email to read it?
...Yes AT&T, i got it, My Email was released, but everything else is safe :l
....
"LOL, sry. lol"
Just give em' a Rainbow AT&T shirt. How could they refuse?
Oh, an apology. How nice.
How about a month's service free for your horrible gaffe?
@muchdrama
+1
but my Boston is cuter than yours lol
@eminisp I just told Petey what you said & he growled viciously.
Naw, I'm just kidding--he's sleeping on top of my clean laundry now.
@Waltah That just proves Big Wizz's point. That sentence doesn't include "AT&T"
If they were using a random program, that makes them script kiddies not hackers.
Nice made up name of the PR person ATTwood. That's like Tom Moblington.
Wait a second, how are you mass-sending these apologies, not through our emai... NOOOOO!
HAHAHAHA!! AT&T should do stand up. Funny ass company. NO WONDER I'm leaving them and so is my family and friends. iPhone, iPad, that's all they care about. I'M OUT... Hello T-Mobile and the REAL Galaxy-S not some fake underpowered alternative named the Captive.
F*Ck AT&T
Wow, kids are serious about tech companies these days.
To show how sorry we are, we're increasing our monthly plan cost.
@Timerider Nah, they're cutting 5 bucks off the top end data plan!!
Along with the whole unlimited part.
Well, I'm sure Jobs is on the phone yelling at de la Vega to kingdom come. I mean it's AT&T's fault, but Apple got extremely bad PR for this, with every headline associating the iPad with the security breach.
Considering AT&T's latest slogan: "Rethink Possible." I guess they took it too seriously, wanting their customers to rethink about using AT&T.
great, more useless email to go with the whole slew of new spam I get now because of it. That makes it all better, AT&T!
Why is it that everyone feels it necessary to refer to an AT&T website being hacked as an "iPad Breach"? Is it because the word "iPad" generates hits and when it's about generating hits, accuracy takes a back seat?
iPad customers were affected by an AT&T security breach. AT&T apologizes to iPad 3G owners affected by AT&T security. Either of those statements is accurate.
There is no iPad security breach.
Heck, ABC News even reported literally that "Hackers have found a way to steal email addresses from iPads." Honestly, that's what they wrote. They go on to state that people are hacked after using their iPads to access the AT&T website and that the iPads are subsequently compromised afterwards.
The real story here isn't the actual AT&T flaw. Big deal. Crap like that happens all the time.
The real story is just how inaccurately this has been reported across the board, even by people that I once trusted, like Engadget. The New York Times, Reuters, ABC News... just plain sad.
It makes you wonder about the validity of the stuff you don't understand.