BreachExchange mailing list archives
follow-up: AT&T e-mail apologizes for iPad breach
From: security curmudgeon <jericho () attrition org>
Date: Mon, 14 Jun 2010 00:37:24 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://news.cnet.com/8301-1009_3-20007564-83.html By Steven Musil Security CNet News June 13, 2010 AT&T sent an e-mail to iPad owners Sunday explaining a security breach that occurred on its site and laying much of the blame with the group that discovered the hole. The e-mail, which was signed by AT&T Chief Privacy Officer Dorothy Attwood, blamed "self-described hackers" for uncovering a hole in the company's Web site that allowed for the exposure of 114,000 e-mail addresses belonging to iPad owners, according to a copy posted on Boy Genius Report. Among the iPad users who appeared to have been affected were White House Chief of Staff Rahm Emanuel, journalist Diane Sawyer, New York Mayor Michael Bloomberg, movie producer Harvey Weinstein, and New York Times CEO Janet Robinson. In the e-mail explaining how the breach occurred, Attwood apologized for the breach and said "unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service": [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- follow-up: AT&T e-mail apologizes for iPad breach security curmudgeon (Jun 13)