Email Addresses and SIM Identifiers of 114,000 AT&T iPad 3G Users Exposed
Valleywag reports that a security breach on AT&T's website has allowed public access to email addresses and SIM card identifier numbers (known as ICC-IDs) for 114,000 iPad Wi-Fi + 3G users on the company's cellular network.
The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.
The security hole, which has been closed by AT&T, appears to have been related to data meant for a Web application accessible on the iPad. Those who discovered the hole were able to guess large swaths of ICC-ID numbers based on a handful of known numbers and use a script paired with an iPad user agent setting on their browser to query the email addresses associated with the ICC-IDs.
Beyond the obvious privacy implications of having personal email addresses exposed, it is unclear exactly what the ramifications of the security breach are. Despite claims from those who discovered the breach that the information might be able to be used to spoof devices or intercept data, other security researchers do not believe that to be possible. AT&T and Apple have yet to comment on the situation.