Paul Sakuma/Associated Press/File 2010
AT&T says the flaw that exposed-mail addresses of more than 114,000 iPad users has been corrected. (Paul Sakuma/Associated Press/File 2010)
NEW YORK — The FBI is investigating a data breach at AT&T that exposed the e-mail addresses of more than 114,000 owners of the Apple iPad, including government officials.
The agency said yesterday that it is looking into “the potential cyber threat.’’
AT&T Inc. had no comment. The phone company acknowledged Wednesday that it had exposed the e-mail addresses through a website, but had closed the breach. The vulnerability affected only iPad users who signed up for AT&T’s 3G wireless Internet service.
An AT&T website could be tricked into revealing an iPad owner’s e-mail address when supplied with a code associated with that particular iPad. A hacker group, Goatse Security, said it got the site to cough up more than 114,000 e-mail addresses by guessing which codes would be valid. The group said it contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T said it was alerted to it by a business customer.
Apple Inc. has not commented, referring all questions to AT&T.
AT&T apologized and said it will notify all iPad users whose e-mail addresses may have been accessed. It said the only information hackers would have been able to steal were e-mail addresses. But that can be enough to launch an effective attack, since the attacker also knows the e-mail recipient is an iPad user and an AT&T customer and would expect e-mail from Apple and AT&T. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.