iPad e-mail leak reveals 114,000 e-mail addresses

iPad 3G

Providing your e-mail address to activate your iPad 3G may have turned out to be a very bad idea, thanks to an iPad e-mail leak. Image from Flickr.

An iPad e-mail leak has revealed every single one of more than 114,000 early-adopter iPad e-mail addresses. These e-mail addresses were required for 3G iPad owners to activate their devices. This iPad e-mail leak has compromised not only the e-mail addresses of people like your tech-savvy neighbor down the street but White House Chief of Staff Rahm Emanuel. This information leak not only exposes hundreds of thousands of AT&T customers to security concerns, it raises questions about the exclusive contract between Apple and AT&T.

iPad e-mail leak affects all iPad 3G users

The iPad e-mail leak has, as far as most sources can tell, affected all owners of the iPad 3G. AT&T requires an e-mail address to activate the wireless data capabilities of the $800+ device. On the market for only two months, the iPad 3G has been purchased and activated by more than 114,000 users. Each one of these e-mail addresses is associated with an ICC-ID, an integrated circuit card identifier — essentially, proof of identity of the device. With the ICC-ID and e-mail address, hackers could easily launch a mass attack to gain access to the information contained on the iPad.

Big names affected by the iPad e-mail leak

The iPad e-mail leak affects many people, but there are serious concerns about some of the biggest names. The list of leaked iPad 3G e-mail addresses include William Eldridge, commander of a strategic bomber group in the air force. Hundreds of U.S. Department of Justice, NASA, FCC and Army addresses are included on the list. Federal court system employees, House and Senate staffers, FAA, National Institutes of Health, Citigroup, Microsoft and Dow Jones corporate e-mail addresses were also found. It is certain that some of these companies and agencies have used developers to create extra layers of security; but unlike Android devices, the notoriously closed-loop Apple systems can be difficult to upgrade the security on.

Exposing the iPad e-mail leak

The iPad e-mail leak is based on a vulnerability within the AT&T network that was released by Goatse Security. This security group has revealed security holes in Amazon, Firefox, and Safari in the past. According to Goatse, they used only data and scripts that were publicly available to find the security hole that the iPad e-mail leak exploited. Before going public with the iPad e-mail leak, Goatse notified AT&T, who closed the security hole. AT&T has not yet notified owners of the iPad 3G whose e-mail addresses may have been compromised, two days after they were informed of the security hole.

Questions about the AT&T/Apple Contract

The iPad e-mail leak is just the latest in problems that Apple device users have encountered with AT&T. The carrier, more than anything, has become known for slow networks and dropped calls on the iPhone and iPad. The problems with AT&T’s network have gotten so bad that even Steve Jobs couldn’t get the new iPhone to work during his WWDC presentation. Apple has announced that AT&T has an exclusive contract for their devices for at least a few more years. Given security breaches like this, slow networks and a lack of customer communication, one has to wonder if that contract will be honored.

Other recent posts by bryanh