114,000 private e-mail addresses have been leaked to the Internet, courtesy of a significant security flaw in the way AT&T stores iPad customer data.
Goatse Security, which has a French-based domain site, posted a “security advisory” that AT&T was not properly encrypting private data of iPad 3G owners that signed up for a data service plan.
It posted the names and e-mail addresses of 114,000 people, including celebrities, executives, and other important figures – including Rahm Emanuel and Diane Sawyer, according to PC World.
AT&T said that it was tipped off about the security flaw by a “business customer,” and not the group that discovered and exploited the flaw. In a statement, the company said, “AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.”
Earlier this year, Goatse Security exploited flaws in Firefox and Safari that dealth with problematic XPS codes.
The group seems more committed to publicly humiliating companies and gaining notoriety for flaws it finds, and in this case, mission accomplished.