AT&T sends apology email to customers affected by iPad 3G security breach
By Nilay Patel 
posted June 13th 2010 10:47PM
posted June 13th 2010 10:47PM
[Thanks, Brad]
June 13, 2010
Dear Valued AT&T Customer,
Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved. We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.
Here's some additional detail:
On June 7 we learned that unauthorized computer "hackers" maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.
The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.
As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.
I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.
While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.
AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.
AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe. Thank you very much for your understanding, and for being an AT&T customer.
Sincerely,
Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T
Where's Darth Vader to say "Apology accepted, Captain Needa"
June 13, 2010
Dear Valued AT&T Customer,
Our bad, sorry, seriously we're sorry. So if you notice any emails coming to you for horny goatweed again our bad. We value you as a money stream, customer, and hope you remain with us. Lol who are we kidding we got you with the iPad 3G thanks again sucker.
While we have your attention we noticed in our records your contract is about to expire, wouldn't now be a good time to renew before our rates go up?
Sincerely
We know where you live and are at by tracking your cellphone 24/7.
Only a apology. Come on they should give me some money back. I have gave them over $2500 the last 3 years.
Gee, thanks for the text-filled email, AT&T.
I'll remember that when I tell others what tightwads you are with your service. ;D
I almost think att is actively competing for a worst company awarfd. Every week its something else. How can you possibly blame your security hole on the people who uncovered it? It is like a child blaming their bad grade on the teacher. I don't understand why anyone does business with them, especially since there are so many alternatives with great phones.
So, wait... They sent an apology email to the very email addresses that they leaked? Is there a bit of irony in there somewhere?
So being in the dumb-o-system of stupid isn't safe.
"iPad 3G security breach"
@fast
"the dumb-o-system of stupid"
I think that says everything we need to know about you.
@Jack ...and by "we" you meant, you and the other people at the looney ward. Haven't you noticed how you and the othercultster trolls fail. Grow some.
There's still time to shoot the messenger:
http://www.telegraph.co.uk/technology/apple/7826331/ATandT-blames-Goatse-Security-for-iPad-data-breach.html
"On June 7 we learned that unauthorized computer "hackers" maliciously exploited a function..."
As opposed to... say... authorized hackers?
My email got leaked and all I got was this stupid email.
I got my "sorry 'bout that" note 1:30am.
Perhaps it would be more sincere if AT&T just reversed their bait and switch and credited those of us who were forced to auto renew our unlimited plans for a month of service, then made it policy once again to keep their promises as stated when we were marketed our iPads, specifically that we would be able to purchase unlimited data for $30 a month without having to auto renew, and with as much time in between months as we like. This is what we were promised and it's what we want. Nothing less than that will satisfy us.