UPDATEDGoatse Security, a web security/"hacking" group, discovered a major security hole that may have compromised the personal information of some 114,000 iPad users, Gawker reports.
The exposed information was believed to have included users' email addresses and ICC-IDs, a unique ID stored on a SIM card that is used to identify a mobile subscriber and enable them to connect to a mobile network (in this case, AT&T). An AT&T spokesperson who contacted the Huffington Post said that the only personal information exposed were email addresses (see statement below).
According to Gawker, this data belonged to "dozens of CEOs, military officials, and top politicians," as well as "A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg." Rahm Emanuel and the Air Force's Colonel William Eldredge may also have had their personal data put at risk, while it's even possible that "confidential information about every iPad 3G owner in the U.S. has been exposed."
Only 3G-enabled iPads, which are connected to AT&T's 3G network, seem to have been affected. Goatse's probe into the iPad 3G security hole suggests that the blame lies with AT&T, but possibly Apple, as well. (Find out how they uncovered the breach here)
AT&T has addressed the data breach in "recent days," but only after Goatse alerted the company to the security weakness. iPad 3G users were reportedly not notified of the security glitch.
The AT&T spokesperson told the Huffington Post in a statement:
AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.