AT&T Security Breach

When you deal with large and reputable companies, you might think your data is safe with them. Think again! A weakness in AT&T’s security recently exposed the identities and email addresses of over 114,000 iPad owners, including politicians, high ranked military officials, and top CEOs… Ouch!

Electronista explains the hack: Hacker group Goatse Security claimed to Gawker to have manipulated an AT&T website-side script that would return the e-mail addresses associated with the ICC-IDs of the SIM cards in Apple’s tablets. By using and guessing iPad ICC-IDs through a PHP script, as well as spoofing an iPad-like user agent, the group collected a large amount of personal information that included some well-known figures.

A bit after the news broke, AT&T issued a statement in which they recognized their mistake and said they were working on it. In brief, they gave the usual speech companies give when that kind of event happens.

So how bad is this really? Well, it’s not that bad. The worst thing that will happen is that these people are going to get some extra spam. The ICC-ID isn’t used in any secure access protocols so it won’t go much further.

If I were one of those affected customers, I’d give AT&T a call and would ask for a compensation. A year worth of 3G service might sound a little too much but 6 months free seems pretty reasonable to me.

Have you been affected by this security breach? If so, have you been contacted by AT&T? Did you ask for a compensation?