Matt Buchanon had a little conversation with AT&T security chief Ed Amororo on the hack.  It turns out that AT&T wanted to make logging into your 3G data plan dashboard a little easier on the iPad so they populated the email address based on the ICC-ID.  

Hackers effectively used a brute force technique to get the system to spit out email addresses.  As of now, the email populating system is turned off (above image).

Ol’ Ed might have some explaining to do.  While email addresses aren’t the biggest loss for their customers, AT&T should have known that they would be vulnerable with such a system.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s