BreachExchange mailing list archives

follow-up: AT&T e-mail apologizes for iPad breach


From: security curmudgeon <jericho () attrition org>
Date: Mon, 14 Jun 2010 00:37:24 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.cnet.com/8301-1009_3-20007564-83.html

By Steven Musil
Security
CNet News
June 13, 2010

AT&T sent an e-mail to iPad owners Sunday explaining a security breach 
that occurred on its site and laying much of the blame with the group that 
discovered the hole.

The e-mail, which was signed by AT&T Chief Privacy Officer Dorothy 
Attwood, blamed "self-described hackers" for uncovering a hole in the 
company's Web site that allowed for the exposure of 114,000 e-mail 
addresses belonging to iPad owners, according to a copy posted on Boy 
Genius Report. Among the iPad users who appeared to have been affected 
were White House Chief of Staff Rahm Emanuel, journalist Diane Sawyer, New 
York Mayor Michael Bloomberg, movie producer Harvey Weinstein, and New 
York Times CEO Janet Robinson.

In the e-mail explaining how the breach occurred, Attwood apologized for 
the breach and said "unauthorized computer 'hackers' maliciously exploited 
a function designed to make your iPad log-in process faster by 
pre-populating an AT&T authentication page with the email address you used 
to register your iPad for 3G service":

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
