THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

FBI opens investigation of iPad data breach

Paul Sakuma/Associated Press/File 2010 AT&T says the flaw that exposed-mail addresses of more than 114,000 iPad users has been corrected.
Paul Sakuma/Associated Press/File 2010
AT&T says the flaw that exposed-mail addresses of more than 114,000 iPad users has been corrected. (Paul Sakuma/Associated Press/File 2010)
By Peter Svensson
Associated Press / June 11, 2010

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

  • E-mail|
  • Print|
  • Reprints|
  • |
Text size +

NEW YORK — The FBI is investigating a data breach at AT&T that exposed the e-mail addresses of more than 114,000 owners of the Apple iPad, including government officials.

The agency said yesterday that it is looking into “the potential cyber threat.’’

AT&T Inc. had no comment. The phone company acknowledged Wednesday that it had exposed the e-mail addresses through a website, but had closed the breach. The vulnerability affected only iPad users who signed up for AT&T’s 3G wireless Internet service.

An AT&T website could be tricked into revealing an iPad owner’s e-mail address when supplied with a code associated with that particular iPad. A hacker group, Goatse Security, said it got the site to cough up more than 114,000 e-mail addresses by guessing which codes would be valid. The group said it contacted AT&T and waited until the vulnerability was fixed before going public with the information.

AT&T said it was alerted to it by a business customer.

Apple Inc. has not commented, referring all questions to AT&T.

AT&T apologized and said it will notify all iPad users whose e-mail addresses may have been accessed. It said the only information hackers would have been able to steal were e-mail addresses. But that can be enough to launch an effective attack, since the attacker also knows the e-mail recipient is an iPad user and an AT&T customer and would expect e-mail from Apple and AT&T. Criminals could use that knowledge to trick them into opening e-mails that plant malicious software on their computers.