What's new
Apple iPad Forum 🍎

Welcome to the Apple iPad Forum, your one stop source for all things iPad. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Email From AT&T about customer info leak

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
I just recieved an email from AT&T about their recent leak of personal information of over 114,000 iPad 3G customers. Here is a copy of the email.

June 13, 2010

Dear Valued AT&T Customer,

Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved. We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.

Here’s some additional detail:

On June 7 we learned that unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.

While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.

AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers’ information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.

AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe. Thank you very much for your understanding, and for being an AT&T customer.

Sincerely,

Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T
 
Last edited:

Matth3w

iPF Noob
Joined
May 26, 2010
Messages
2,017
Reaction score
2
To me it would be worse that they got my email address. My credit card number I can change, my email I can't. Which means my email (if I was affected which I obviously wasn't with a WiFi only model, just hypothetically speaking) was probably sold to 4700 different spam accounts. Meaning, you'll probably get spam email in that account by the boatloads for as long as you have it.
 
OP
MikesTooLz

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
Yeah, thats why I use a different email address for every website/company.
I know where all the spam comes from and who gave out my email. It also makes it easy to block a company that decides to give out my email address.
 

epb

iPF Novice
Joined
May 15, 2010
Messages
888
Reaction score
18
Location
Chicago, IL
There should not actually be any spam - the web site that brought the security weakness to light didn't distribute the e-mails addresses they got, as it was just a publicity stunt.
 
OP
MikesTooLz

MikesTooLz

iPF Novice
Joined
May 7, 2010
Messages
2,361
Reaction score
20
Location
Miami, FL
Website
Weather.Team
I just recieved this same letter via snail mail.
it also said that I should keep alert for scam attempts that may happen due to my info being leaked. But not to worry, att wont leak out any more private info than they already have.
 

Most reactions

Latest posts

Top