Military, other fed iPad users compromised in AT&T hack
E-mail addresses exposed in recent white-hat attack
Civilian agency and military 3G Apple iPad users were among those whose e-mail addresses were exposed recently when a hacker group gained access to a list of users – including many high-profile people in industry, politics and the media – via AT&T’s Web site.
Gawker, which first reported the breach, said the compromised information also included users’ ICC numbers, which authenticate users on AT&T’s network. However, AT&T told the New York Times that those numbers only reveal the e-mail address for the iPad users.
A security expert told the Times that an ICC identification could, in theory, be used to determine a device’s location, but doing so would require gaining access to secure databases that are not usually connected to the Internet. Experts said little real harm is likely to come from the attack.
Despite the limited expected fallout, the breach does raise concerns for users of iPads and, perhaps, other wireless devices. The Times told its employees with iPads to turn off the 3G functions until it could investigate the matter.
According to Gawker, the group that first reported the breach to AT&T exploited a script on AT&T’s Web site to get the information on approximately 114,000 users. AT&T, which is Apple’s exclusive provider for the iPhone and iPad, said it was notified of the vulnerability Monday and has since closed the hole.
E-mail addresses revealed included those of New York City Mayor Michael Bloomberg, the chief executive officers of Dow Jones, the New York Times, Time magazine, Diane Sawyer of ABC News and film producer Harvey Weinstein. White House Chief of Staff Rahm Emanuel also was apparently on the list.
Among government users, the list included those with addresses at the Army, the Defense Advanced Research Projects Agency, the Federal Aviation Administration, the Federal Communications Commission, the Justice Department and NASA.