Prince McLean
The event resulted in an FBI investigation of the attack, which exploited a feature on AT&T's website that auto-populated a user's email address on record when their iPad 3G SIM card serial number was entered into the page.
The attack used scripts to repeatedly poll the site for email addresses based on plausible serial numbers, resulting in a long list of emails tied to specific iPad SIM cards. although no other information was gained.
AT&T has since disabled the feature, so customers logging into the site will have to both enter their SIM card serial number and their email address.
A copy of the letter was posted by BGR (below).
Charles Martin
Malcolm Owen
William Gallagher
Christine McKee
Wesley Hilliard
Andrew Orr
28 Comments
Should have been done on day one! why the long delay?
This is not a good corporate image for AT&T.
I didn't get that letter - and I signed up for 3G for my iPad on day 1.
Should have been done on day one! why the long delay?
This is not a good corporate image for AT&T.
Name a company who has done better or who would do better in a similar situation. The issue was dealt with the same day it became known. Not bad for a company with over 1000,000 employees. How fast does Apple, Microsoft, and the rest deal with this sort of thing. Sometimes it's months before Apple patches a security issue. And then there's Adobe and it's Flash security issues.
"Vaguely apologetic?" The letter has a clear apology, unless of course you're predisposed to dislike anything AT&T does.
I'm disgusted about the failure of AT&T to protect my data. Email addresses today, what else tomorrow? What a bunch of hacks. If the US took personal data security as serious of europe does, perhaps this would happen less often because it would hurt their bottom line. Personal Data should be protected by LAW here - not with a marketing promise. Just other example of how we give the keys to corporations.