AT&T is apologizing to over 100,000 Apple iPad 3G owners for what it says was a security breach by a hacker that gained access to e-mail addresses. The apology came on Sunday, six days after an AT&T says a hacker gained access to 114,000 AT&T iPad 3G customers' e-mail addresses, according Dorothy Attwood, senior vice president for public policy and chief privacy office.
AT&T says that it learned on June 7 that hackers had "maliciously exploited" a function in its system to obtain serial numbers of AT&T SIM cards for the iPad 3G (called ICC-IDs) and their corresponding e-mail addresses (including some high-ranking names from the Senate, Department of Justice, FCC, NASA, Google, Amazon, Microsoft and several big media companies).
In a public statement Attwood assured users no other information was exposed, and that the matter has been resolved. (Full text of the letter here.)
The list of e-mail addresses obtained through this exploit was then offered to the media, with Gawker being the first to pick up on the story on June 9.
AT&T claims in the e-mail that it has plugged the security whole which allowed this breach "within hours," and says that email addresses and ICC-IDs were the only information available through the security hole.
The computer experts group that exposed the AT&T security hole, called Goatse Security, has taken offence to the wireless carrier calling them "hackers" and their activities "malicious" in the apology e-mail to customers.
The group wrote on its blog on Monday morning, saying AT&T "is being dishonest about the potential for harm" from the security hole it has exposed.
Goatse Security's Escher Auernheimer claims "AT&T is trying to crucify us over this", insisting "there was not a hint of maliciousness in our disclosure. We disclosed only to a single journalist (at Gawker) and destroyed the data afterward." Prior to the Gawker story, the group has reportedly e-mailed several other media companies, including Fox News and Reuters, to pitch their findings.
The Federal Bureau of Investigation last Thursday opened an investigation into the AT&T security breach.
Gawker, which also published a picture of a stack of papers with the ICC-ID numbers and associated e-mail addresses harvested by Goatse Security, has been contacted by the FBI.