AT&T emails iPad 3G owners to apologise for security leak

Owners of Apple's new iPad in the 3G model have been contacted via email by AT&T, which accidentally leaked secret documents containing the contact information of owners of the device.

The telecommunications company, which also is the primary partner of Apple in carrying the iPhone, said that the leak was the work of malicious hackers.

Last week, Valleywag, the infamous Silicon Valley gossip website, published some of the more famous names on the list, which even included high profile CEOs and the Mayor of New York, Michael Bloomberg.

The company then went on to explain the mistake in further detail. The full email is pasted below.

Click 'Read More' to see the email in its entirety.

June 13, 2010

Dear Valued AT&T Customer,

Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved. We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.

Here's some additional detail:

On June 7 we learned that unauthorized computer "hackers" maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service. The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address. When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses. They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses. Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk. The hackers never had access to AT&T communications or data networks, or your iPad. AT&T 3G service for other mobile devices was not affected.

While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.

AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites. We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.

AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe. Thank you very much for your understanding, and for being an AT&T customer.

Sincerely,

Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T

Read More

Don't blame Apple for document leak, it's AT&T's fault

Tuau, the 'unofficial Apple weblog' has come to the rescue of Apple in the wake of yet another embarrassing leak from the technology company, this time about the iPad.

When it was told that a huge list of iPad 3G customers had been leaked into the public domain, the blog came to the rescue of the company it's partly named after, saying that it was in fact not Apple's fault, but the fault of AT&T.

So why is this Apple's fault? Because Apple has teamed up with AT&T, and therefore -- through the transitive power of magical thinking coupled with a deep desire for web traffic and Digg hits -- Apple is responsilbe for ensuring that AT&T doesn't make any mistakes. Apple is supposed to "patrol" AT&T's network.

I think they've got a point. Read the full article here.

Read More

Australian MP talks of 'creepy' Google

In addition to saying that Google had committed the "single greatest breach in the history of privacy", the Australian communications minister went further, saying that the search giant was 'creepy'.

The MP says that he wants to have an internet filter put in place, which some may say is even creepier.

Google has been under fire as of late with regard to its streetview feature, which, it was revealed, accidentally collected data about private WiFi networks during development.

Read More

Is Google snooping on your WiFi?

Google, the internet search and cloud computing company, has today announced that it will no longer collect information on personal and commercial wireless internet networks after it 'mistakenly' gathered such information as part of its StreetView service.

According to the Sydney Morning Herald:

"Maintaining people's trust is crucial to everything we do, and in this case we fell short," Alan Eustace, a Google senior vice president for engineering and research, said in a blog post.

Concerns over the data collection were highlighted in the media last week, with reporting over the growing concerns expressed by two Australian privacy groups, the Electronic Frontiers Australia and the Australian Privacy Foundation.

Google has stated numerous times that it holds the privacy of its users as a concern of paramount importance, and that it takes all measures to ensure that people's private information is kept from prying or unwanted eyes.

"We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it," he said.

"Given the concerns raised, we have decided that it's best to stop our Street View cars collecting WiFi network data entirely," he added. Eustace said personal wireless data was mistakenly collected only from unsecured, or non-password-protected WiFi networks, and "we never used that data in any Google products."  

Read More

Facebook founder comes under fire over conversation transcript

A leaked instant messenger transcript obtained from Mark Zuckerberg, the founder of social networking site Facebook, has been causing a stir among the 400 million users who actively use the site. In the transcript, Zuckerberg mocks users who joined his growing website community.

The leak comes after the user community and social media analysts have questioned the company's stance on privacy, which is becoming an increasingly frustrating issue as they try to gain more users.



Business Insider broke the story, publishing the transcript of the conversation causing the controversy. Here is a snipped of the transcript that Murray Report has obtained.

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb f***s.

Facebook has not denied the transcript's authenticity, and replied by saying that "the privacy and security of our users' information is paramount to us here at Facebook".

The Sydney Morning Herald's Stephen Hucheon commented that the leak underscores Mr Zuckerberg's position as the internet's 'favorite whipping boy', and that in January, Zuckerberg had told an audience that privacy was 'no longer a social norm'.

At the heart of complaints, Hucheon claims, is that the default setting for privacy on Facebook has changed, and that users are mostly unaware of how to change them. At present, all profiles are immediately set to a fairly public setting by default.

The New York Times calculated that Facebook's privacy policy is now longer than the constitution, and the company has reportedly called a privacy 'overview meeting' on Friday to discuss these matters.

Read More