Dallas (ip-192.com): Emails from up to 114,000 users of Apple's iPad have been disclosed. A security flaw in one of AT&T’s websites allowed a group that calls itself Goatse Security to penetrate the website and uncover the emails. AT&T blocked access to the site after it discovered the breach that was revealed by Gawker Media on Wednesday. The carrier says that little sensitive data has leaked. However, many reports suggest that email addresses from prominent political and business leaders have been revealed.
The vulnerability only affected iPad users that did sign up for AT&T’s 3G wireless service in the U.S. "We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted," AT&T said in a statement. The breach exploited an Integrated Circuit Card Identifier (ICC-ID) present on every SIM card that is used as an authentication token. After the AT&T website received the ID's, it responded by providing an email addresses to allow a speedy log-on process to user accounts. The hacker group exploited the flaw by sending thousands of requests with made up codes to AT&T’s website, masqueraded as valid requests from iPads.
AT&T says that the issue has been resolved and that it will inform all customers who were impacted. It discovered the vulnerability after being alerted by a customer. Only email addresses were revealed in the breach. Goatse Security says that it has previously exposed vulnerabilities in Amazon's rating system and the Firefox and Safari web browsers.
[...] AT&T after the accidental leak of about 114,000 email addresses last week (ip-192.com reported here). The vulnerability did only affect iPad users that did sign up for AT&T's 3G wireless service [...]