Latest in Att

Image credit:

AT&T sends apology email to customers affected by iPad 3G security breach

Nilay Patel
06.13.10
Share
Tweet
Share
Save

Sponsored Links

Good news if you're one of the 114,000 iPad 3G owners whose email address was uncovered by hackers spoofing the AT&T ICC database the other day -- AT&T is very, very sorry, and it's written you a nice email to make it all better. Ma Bell says the "hackers deliberately went to great efforts with a random program," which is pretty funny -- we can only imagine the damage insincere hackers making a half-hearted effort with a non-random program could have done. In any event, AT&T says the hole's been patched, that it's working with law enforcement to figure out who's liable, and promises that it takes your privacy seriously. Yes, it's all very nice -- although we're sure affected customers would much rather hear that they're being comped a free month of service. Full email after the break.

[Thanks, Brad]



June 13, 2010

Dear Valued AT&T Customer,

Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved. We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.

Here's some additional detail:

On June 7 we learned that unauthorized computer "hackers" maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.

While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.

AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.

AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe. Thank you very much for your understanding, and for being an AT&T customer.

Sincerely,

Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
'Fortnite' DirectX 12 update boosts performance on high-end PCs

'Fortnite' DirectX 12 update boosts performance on high-end PCs

View
Check out the trailer for the final episode of Darth Vader's VR saga

Check out the trailer for the final episode of Darth Vader's VR saga

View
Karma's latest supercar concept boasts neck-snapping power

Karma's latest supercar concept boasts neck-snapping power

View
Washington, DC sues DoorDash for allegedly misleading users about tips

Washington, DC sues DoorDash for allegedly misleading users about tips

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr