Matt Buchanon had a little conversation with AT&T security chief Ed Amororo on the hack. It turns out that AT&T wanted to make logging into your 3G data plan dashboard a little easier on the iPad so they populated the email address based on the ICC-ID.
Hackers effectively used a brute force technique to get the system to spit out email addresses. As of now, the email populating system is turned off (above image).
Ol’ Ed might have some explaining to do. While email addresses aren’t the biggest loss for their customers, AT&T should have known that they would be vulnerable with such a system.