Wednesday, June 9, 2010

iPad Security Hole Exposed

Today the New York Times released a blog post that details how the personal information of 114,000 3G iPad owners was hacked. According to the blog, the list includes "military personnel, staff members in the Senate and the House of Representatives, and people at the Justice Department, NASA and the Department of Homeland Security." Several top executives from Fortune 500 companies were also a part of the list. A group called Goatse Security discovered the exploit when they were on the AT&T website and found that when you entered an iPad's number you could get the owner's email address. From there they were able to develop a script that would guess the algorithm AT&T used to come up with the ID numbers.

Should AT&T be held accountable for this exploit? Should your email address be considered private? I think AT&T should have done their due diligence when designing their website and realized that someone could easily have come up with a way to guess customers' ID numbers. As a result, I think AT&T needs to make a formal apology to their customers and remove that feature from their website. However, from the list of users provided in the blog, it appears most users included their work email addresses, which theoretically might be searchable. I do not think the publication of these email addresses is too big of a deal.


Reference: http://bits.blogs.nytimes.com/2010/06/09/att-exposes-e-mail-addresses-of-114000-ipad-owners/?emc=eta1/
