In response to the “brute force” attack by self professed “Internet trolls,” prosecutors have finally charged two individuals with a hack that exposed the personal data of over 120,000 iPad users in June.
The duo responsible for the hack reportedly capitalized on an AT&T security flaw to obtain private email addresses and other sensitive data.
Among the list of those hacked are celebs like New York City Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, movie maker Harvey Weinstein, and former White House Chief of Staff Rahm Emanuel.
So, how did Andrew Auernheimer and Daniel Spitler execute the hack?
Well, they apparently used an “account slurper” to barrage AT&T servers with brute force, randomly guessing user login info until it matched names and email addresses.
The effort was orchestrated by Goatse Security, a group of “self-professed Internet trolls.”
Still, immediately after the hack, a representative from Goatse Security claimed there was “no hack, no infiltration, and no breach – just a really poorly designed web application that returns email address when ICCID is passed to it.”
Fortunately, AT&T was quick to plug the security hole and informed all users who may have been affected by the breach.
Although the above-mentioned hackers are being charged with criminal activity, one can’t help but wonder who is the real criminal here? Is it AT&T and its flawed security, or is it the hackers who highlighted the problem, regardless of the motive?
Think about it. Because when people buy a product, they expect their information to stay secure as long as they follow general safety procedure.
When it’s a company or product flaw, what does the manufacturer owe the consumer?