John
06-11-2010, 07:12 AM
The FBI is investigating a data breach at AT&T that exposed the email addresses of more than 114,000 owners of the Apple iPad, including government officials.
The agency said it was looking into "the potential cyber threat" from the breach.
Dallas-based phone company AT&T said it had no comment.
The firm admitted that it had exposed the email addresses through a website and had closed the breach. The vulnerability affected only iPad users who signed up for AT&T's 3G wireless internet service.
An AT&T website could be tricked into revealing an iPad owner's email address when supplied with a code associated with their particular iPad. A hacker group that calls itself Goatse Security said it got the site to cough up more than 114,000 email addresses by guessing which codes would be valid. The group said it contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T said the problem was fixed on Tuesday but that it was alerted by a business customer. Apple, the maker of the iPad, has not commented on the breach, referring all questions to AT&T. AT&T has apologised and said it will notify all iPad users whose email addresses may have been accessed.
It noted that the only information hackers would have been able to steal using the attack were users' email addresses. But that can be enough to launch an effective attack, since the attacker also knows that the person receiving the email is an iPad user and an AT&T customer and would expect to receive email from Apple and AT&T about their accounts.
Criminals could use that knowledge to trick them into opening emails that plant malicious software on their computers. New York mayor Michael Bloomberg's email address was among those exposed, but the billionaire media mogul shrugged it off.
"It shouldn't be pretty hard to figure out my email address," he said, "and if you send me an email and I don't want to read it, I don't open it. To me it wasn't that big of a deal."
The agency said it was looking into "the potential cyber threat" from the breach.
Dallas-based phone company AT&T said it had no comment.
The firm admitted that it had exposed the email addresses through a website and had closed the breach. The vulnerability affected only iPad users who signed up for AT&T's 3G wireless internet service.
An AT&T website could be tricked into revealing an iPad owner's email address when supplied with a code associated with their particular iPad. A hacker group that calls itself Goatse Security said it got the site to cough up more than 114,000 email addresses by guessing which codes would be valid. The group said it contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T said the problem was fixed on Tuesday but that it was alerted by a business customer. Apple, the maker of the iPad, has not commented on the breach, referring all questions to AT&T. AT&T has apologised and said it will notify all iPad users whose email addresses may have been accessed.
It noted that the only information hackers would have been able to steal using the attack were users' email addresses. But that can be enough to launch an effective attack, since the attacker also knows that the person receiving the email is an iPad user and an AT&T customer and would expect to receive email from Apple and AT&T about their accounts.
Criminals could use that knowledge to trick them into opening emails that plant malicious software on their computers. New York mayor Michael Bloomberg's email address was among those exposed, but the billionaire media mogul shrugged it off.
"It shouldn't be pretty hard to figure out my email address," he said, "and if you send me an email and I don't want to read it, I don't open it. To me it wasn't that big of a deal."