iPad Users' E-mail Addresses Exposed

June 11, 2010

The Federal Bureau of Investigation has begun an investigation into a data breach at AT&T that resulted in the exposure of 114,000 e-mail addresses for Apple iPad owners — including some belonging to celebrities, television journalists and top government officials.

An FBI official told the Associated Press on Thursday that it was looking into “the potential cyber threat” from the breach.

AT&T is the exclusive wireless provider for Apple’s new iPad and its popular iPhone. A security group that calls itself Goatse Security first discovered the vulnerability within AT&T’s system that allowed for the breach.

An AT&T Web site could be duped into revealing an iPad owner’s e-mail address when supplied with a code associated with a particular iPad, according to the Associated Press report.

No personal information was exposed other than e-mail addresses. But in some cases, the  e-mail addresses belonged to some prominent people — including White House Chief of Staff Rahm Emanuel, New York City Mayor Michael Bloomberg and Diane Sawyer of ABC News.

Goatse Security indirectly informed AT&T of the vulnerability, and AT&T fixed it before the breach was revealed Wednesday by the web site Gawker. AT&T also apologized for the breach.

In some scenarios, even simple e-mail addresses could be of use to scammers. An attacker with a list of a company's customers, for example, could impersonate that company in an e-mail in order to try to plant malicious software or try to solicit information from the customer.