The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.This is a huge black eye for both AT&T and Apple. From a selfish perspective, this might actually drive Apple to finally drop their exclusive agreement with AT&T. I'd love an iPhone or an iPad, but I don't want to switch carriers.
AT&T closed the security hole in recent days, but the victims have been unaware, until now. For a device that has been shipping for barely two months, and in its cellular configuration for barely one, the compromise is a rattling development. The slip up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple.
Thursday, June 10, 2010
AT&T Steps in it Big Time
A horrendously implemented AJAX web service exposed information on over 114k iPad subscribers.