A security breach in the AT&T system allowed a group of hackers to obtain the email addresses of 114 067 iPad owners, along with their ICC-IDs (the unique number that identifies the SIM cards when they connect to a network).
And, as if the huge number wasn’t bad enough on its own, there’s a quite a lot of VIP customers in the list. Top executives at the New York Times, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst, along with government members and NASA employees are among the victims.
Apparently a publicly accessible script on AT&T’s system provided the email addresses when given an ICC-ID as part of an HTTP request. The rest is some knowledge about the format of the ICC IDs and some PHP script brute force.
AT&T reacted quite quickly, issuing an apologetic statement and promising to inform all the victims that their email addresses are now publicly available. This does not however make up for much so we shouldn’t rule out further consequences for the company.