Roughly 114,000 Apple iPad users' e-mail addresses were leaked this week, and now the FBI is looking into the matter to determine the threat level. Given the iPad's stunning popularity and the frightening number of affected owners, many questions need answering. Here's a FAQ about Apple and AT&T's new relationship with federal investigators.
What Happened?
Basically, a group of hackers discovered a flaw on AT&T's Web site, stole a ton of iPad owners' identifying information, and gave the data to a popular blog. The security hole has since been plugged.
The hackers go by the name Goatse Security and have previously been responsible for unearthing vulnerabilities in Web browsers and in Amazon's community ratings system, according to Valleywag.
Goatse found a buggy Web application on AT&T's Web site that returned an iPad user's e-mail address when it was sent specially written queries. These queries involved ICC-IDs (Integrated Circuit Card Identifiers) -- unique numbers given to iPad owners that identify iPads connected to AT&T's mobile network. Goatse then wrote an automated script that repeatedly sent thousands of random ICC-IDs, downloaded the e-mail addresses, and then gave them to the Gawker sister site Valleywag.
Gawker is a parent of the tech blog Gizmodo, which made headlines by nabbing an iPhone 4 way before its official release.
Who's Affected?
Only those with 3G iPads were struck. Here's a condensed list of victims, courtesy of The New York Times:
- Military personnel
- The Senate
- The House
- The Justice Department
- NASA
- The New York Times Company
- Dow Jones
- Condé Nast
- Viacom
- Time Warner
- The News Corporation
- HBO
Celebrities such as Diane Sawyer also stomached the blow.
Valleywag points out that the e-mail list includes people privileged enough to receive an iPad prior to its wide release. This is not to say average iPad owners were not affected -- that information cannot be confirmed.
Who's to Blame?