This iPad security breach story from last week continues to spin way out of control, and in our opinion fingers are being pointed in the wrong direction. The FBI is investigating the incident, and a few hours ago AT&T finally communicated with customers to tell them about the breach (I’ve reprinted the AT&T email below).
Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the iPAD SIm card was entered. An invalid number returned nothing, a valid number returned a customer email address. Goatse created a script and quickly downloaded 114,000 customer emails. They then turned all that over to Gawker, after, they say, AT&T was notified and the vulnerability was closed. Gawker published some of the data with the emails removed. Says Goatse: “All data was gathered from a public webserver with no password, accessible by anyone on the Internet. There was no breach, intrusion, or penetration, by any means of the word.”
Related News
With MAXroam’s New SIM, You Can Kiss AT&T Goodbye And Head To Europe With Your iPad
How to create your own Micro SIM card using a chef knife and some scissors
Uh-oh: Looks like the Nexus One kind of sucks at multi-touch (Video)
iWork 2010 announced, will support iPad’s multi-touch controls (and your regular Mac, too)
Apple: No Porn Allowed in iPhone’s App Store
