A security hole on AT&T’s website has led to the exposure of email addresses and SIM ICC-ID numbers for 114,000 iPad with Wi-Fi + 3G users. Gawker reports that a security company known as Goatse Security discovered a script on AT&T’s website, accessible by the public, through which it obtained the data.
While the security group did notify AT&T of the breach, and the company subsequently closed the security hole, the group admits it shared the PHP script it used to harvest the data with several third-parties prior to AT&T’s action, meaning that the accounts of all 114,000 known users, and possibly more, have potentially been compromised. Included in the breach were the email addresses and ICC-ID numbers of a number of high-ups in the media, tech, and financial industries, as well as a number of senior government officials, allegedly including White House Chief of Staff Rahm Emanuel.
Despite the leak, a notable security expert at the University of Virginia told Gawker the exposure of ICC-ID information “has no direct security consequences.” AT&T and Apple have yet to comment on the matter.
.