114,000+ 3G iPad User Emails Exposed114,000+ 3G iPad User Emails Exposed

Adding to AT&T's troubled reputation is the recent security breach with iPad 3G users accounts. It has been labeled the worst security breach in Apple's history and it is a breach that was beyond Apple's control as it all happened on AT&T's servers. The list of who was exposed is a veritable who's who list of politicians, corporate executives and celebrities, along with the average Joe here and there.Gawker was given data by a security firm called Goatse Security (yes, that Goatse). It is a list of about 114,000 user accounts with the email address associated with it. Gawker suggests though that it is possible all 3G iPad owner's email addresses may have been obtained.

It is an interesting list of people. White House Chief of Staff Rahm Emanuel's email was listed, as was Diane Sawyer's, Mayor Michael Bloomberg's, and the CEO's and executives of companies like The New York Times, Time Inc. and Dow Jones. More than a few high ranking military personnel were also listed, like Colonel William Eldridge, commander of the largest B-1 bomber squadron currently operational in the US. I hope these guys were using the devices for innocuous things like web browsing and reading ebooks, not using it for communicating or storing sensitive information.

The hack looks pretty straight forward. As Gawker explains it, each iPad has an integrated circuit card identifier, or ICC-ID. When that was fed into a specific URL, AT&T's web server would return the email address associated with the ICC-ID. Once you have once ICC-ID, you just need to write a script to start incrementing the numbers and feed them to the server waiting for the results to spew out like oil from a broken well.

AT&T has since closed the security hole, but the damage has been done. Assuming only email addresses were harvested, the worst case scenario is an increase in spam, spam which can be targeted to people with iPads and likely iPhones, Mac's and other high end tech gear. When you can craft emails so specifically, social engineering more likely to be successful.

That doesn't begin to cover the damage caused to AT&T's already embattled reputation, and it certainly puts a black spot on Apple's reputation, which as far as security goes, has been pretty stellar.

If you only have a WiFi iPad, you needn't worry as AT&T doesn't have your account information. iPhone accounts too appear to be unaffected. However, if you are an iPad 3G user in the US on AT&T's network check your email. There is a good chance you'll see two things. First an apology from AT&T alerting you to the breach. Secondly, you will probably see an increase in spam.