The FBI informed the Wall Street Journal yesterday that it has opened an investigation into this week’s iPad security leak, in which a group called Goatse Security published the email addresses and ICC-IDs (integrated circuit identifier numbers) of 114,000 iPad owners. Subscribers affected include Fortune 500 CEOs, as well as top government and military officials like White House Chief of Staff Rahm Emanuel.
It appears that Goatse Security uncovered the security hole through a public script on AT&T’s website. The group apparently threw random ICC-IDs at the script, which, due to a flaw in the system, would respond with the email address of the respective subscriber. It is true that the hole has been closed, and there seems to be no evidence that any information other than subscribers’ emails was leaked. Gawker is reporting, however, that they believe those 114,000 user accounts have been compromised; on top of this, they claim that there is a possibility that every U.S. iPad 3G owner’s confidential information has been exposed.
This is a very worrisome development for iPad users. Having the world know your email address isn’t exactly as bad as it knowing your social security or credit card numbers; it’s more of a nuisance than anything else. But even if the breach itself isn’t detrimental, it will likely make prospective iPad customers more wary of purchasing Apple’s latest hit device. After all, nobody wants their personal information to be publicly available. It will be interesting to see if the fallout from this will hurt iPad sales in the coming months. Even if sales aren’t significantly affected by this, there is absolutely no way that Apple isn’t furious with AT&T right now, seeing as how this breach is coming in the same week as Jobs’ recent embarrassing inability to get service during his iPhone 4G demo at WWDC.
AT&T has issued a statement acknowledging the breach and apologizing to customers, quoted below:
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses. The person or group who discovered this gap did not contact AT&T. We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained. We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”