Good headlines if you’re a single of a 114,000 iPad 3G owners whose email address was uncovered by hackers spoofing a AT&T ICC database the alternative day — AT&T is really, really sorry, and it’s created you the good email to have it all better. Ma Bell says a “hackers on purpose went to great efforts with the random module,” which is flattering droll — you can only suppose the repairs insincere hackers making the half-hearted effort with the non-random program could have done. In any eventuality, AT&T says a hole’s been patched, which it’s operative with law enforcement to figure out who’s liable, as well as promises which it takes your remoteness seriously. Yes, it’s all very good — nonetheless we’re certain affected business would most rather listen to which they’re being comped a giveaway month of use. Full email after the mangle.

[Thanks, Brad]

June 13, 2010

Dear Valued AT&T Customer,

Recently there was an issue that influenced a little of our customers with AT&T 3G use for iPad resulting in the recover of their patron email addresses. I am essay to let you know which no other report was exposed and a matter has been resolved. We apologize for a incident as well as any inconvenience it might have caused. Rest assured, you can continue to make use of your AT&T 3G service on your iPad with certainty.

Here’s a little one more detail:

On June 7 we schooled that unapproved computer “hackers” maliciously exploited a duty designed to make your iPad log-in routine faster by pre-populating an AT&T authentication page with the email residence you used to register your iPad for 3G use. The self-described hackers wrote program code to randomly generate numbers which mimicked serial numbers of the AT&T SIM card for iPad – called a integrated circuit label identification (ICC-ID) – and regularly queried an AT&T web address. When the series generated by the hackers suited an tangible ICC-ID, a authentication page log-in screen was returned to the hackers with a email residence associated with a ICC-ID already populated upon a log-in screen.

The hackers deliberately went to good efforts with the random module to remove possible ICC-IDs and capture customer email addresses. They then put together the list of these emails as well as distributed it for their own broadside.

As shortly as you became aware of this incident, you took swift action to forestall any serve unapproved bearing of customer email addresses. Within hours, AT&T infirm a mechanism which automatically populated a email address. Now, a authentication page log-in screen requires a user to come in both their email address and their cue.

I wish to assure you which a email residence as well as ICC-ID were a only information that was accessible. Your cue, comment information, the essence of your email, as well as any other personal report were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.

While the attack was singular to email address as well as ICC-ID data, we inspire you to be rapt to scams that could try to make use of this information to obtain other interpretation or send you unwanted email. You can learn some-more about phishing by on vacation a AT&T website.

AT&T takes your privacy seriously and does not tolerate unapproved access to the customers’ information or company websites. We will concur with law coercion in any investigation of unauthorized system entrance and to take to court violators to the fullest extent of the law.

AT&T acted fast to protect your report – as well as you guarantee to keep working around the time to keep your information protected. Thank you very much for your understanding, as well as for being an AT&T patron.

Sincerely,

Dorothy Attwood
Senior Vice President, Public Policy as well as Chief Privacy Officer for AT&T