FBI investigates AT&T security breach

Sunday, June 13, 2010

File:IPad-02.jpg

An Apple iPad
Image: Glenn Fleishman.
(Image missing from Commons: image; log)

The United States Federal Bureau of Investigation (FBI) has launched a probe into a security breach that allowed hackers to retrieve 114,000 e-mail addresses of iPad users on the AT&T network.

The FBI announced the investigation Friday, which will determine exactly what allowed a group of hackers using the name "Goatse Security" to access the data. The security breach was first announced by the blog Gawker on Wednesday. The FBI has since asked Gawker Media LLC, the owners of the site, to retain all information relating to the incident. The company was also involved in another recent case with Apple Inc., which included the iPhone 4. Gawker said that it does not believe it is the main target of this FBI investigation.

Editors at Gawker were able to verify the information the hackers sent to them, and did not post full e-mail addresses or any other identifying information in its initial story of the incident. Gawker said that it did not pay Goatse Security for the data. One of the hackers later wrote that they did not reveal the addresses to anyone else and had already deleted them.

The hackers were able to obtain the data after discovering a program on AT&T's website that provides the e-mail address of a user when that user's identification number is given. The hackers essentially guessed and then saved the numbers for the 114,000 users. They did not tell AT&T of the security hole.

A spokesperson for AT&T said Wednesday that the company "was informed by a business customer on Monday of the potential exposure of their iPad ICC-IDs [the identification numbers]", and had disabled the e-mail-providing program by Tuesday. AT&T also said that no other information was stolen other than the e-mails addresses of their customers, and that "there is no evidence that any other customer information was shared." The company says it will notify all of the iPad users whose information was compromised.

Many of the users involved are high-ranking government or corporate officials, including Rahm Emanuel, the current White House Chief of Staff, and Michael Bloomberg, the mayor of New York City. Others include employees of Google and the U.S. military.

Apple has not commented about the breach.


Sources