Calling it the "most exclusive e-mail list on the planet," Gawker said the list of exposed owners included New York Mayor Michael Bloomberg, White House Chief of Staff Rahm Emanuel and other powerful figures in finance, media and politics.
The security hole was uncovered by Goatse Security, a group known among security experts as hackers who enjoy pulling Web pranks, Gawker reported. Still, the group previously has uncovered flaws in browsers Firefox and Safari, Gawker said.
When contacted by ABCNews.com, a man who asked to be named as a Goatse employee confirmed Gawker's report.
"It's absolutely real," he said, adding that the group gave the Gawker reporter their data set and he was able to verify the information.
The employee said someone in his organization learned that when given an iPad owners' unique identification number, a program on AT&T's website would return the e-mail address connected to that account.
Once the hole was uncovered, he said, the group was able to write a script that would automatically predict ID numbers and return the associated e-mail addresses.
In about six hours, he said, the group was able to scrape information for about 114,000 iPad 3G owners, but he did not say how many iPad owners could have been affected in total.
He said the flaw was discovered about a month ago and AT&T was notified this week. He added that the company since has patched the hole.
AT&T said it was notified of the breach on Monday by a customer, but was not told by Goatse.
Src & photo: [gawker]
No comments:
Post a Comment