According to a Gawker exclusive, a simple online request made on the AT&T network allowed access to user account information. The information exposed in the breach “included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID.” One security consultant offered that “recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID.” It is unclear whether that is the case but there is no denying that some heavy hitting iPad users now have exposed email addresses and ICC IDs.
The article points out that one impacted iPad user is William Eldredge, who “commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force.” Here is a listing of some others:
In the media and entertainment industries, “affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.”
The lesson here is that AT&T did not anticipate a hack that was apparently pretty obvious while Apple did no wrong — other than align its fortunes to AT&T.