AT&T Contacts iPad 3G Customers (Security Breach Update)

AT&T has finally reached out to their iPad 3G customers affected by the security breach discovered on June 7th. After days of silence formulating a response (and probably being brow beaten by Steve Jobs), the American telecom giant sent an email to explain their side of the story. In a message dated June 13th, Senior Vice President, Public Policy and Chief Privacy Officer Dorothy Attwood described the company’s views on the data leak. It provides an interesting perspective on how AT&T views the incident and how they view their own responsibilities.

The email describes the incident as occurring when:

. . . unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the e-mail address you used to register your iPad for 3G service.

It’s interesting to note just how much is packed into that one sentence. First, AT&T is denying all responsibility for the incident. Granted, they didn’t ask to be hacked or invite the situation to occur. On the other hand, how does a large, multinational corporation that handles the data of millions (if not billions) of people every day get exploited by a simple hack? And by all accounts this was a simple, simple hack. The hackers, a group calling themselves Goatse Security, noticed certain URLs used by an AT&T online application followed a guessable pattern by transmitting information in plain text. Using the pattern they discerned, they were able to hack the application. This is the type of stuff they teach you to avoid in a first year computer science class. While AT&T may have been a victim of an attack, they certainly didn’t do anything to secure themselves from it happening. If you leave your front door unlocked, you haven’t done your part to keep the thieves out.

The second take-away is how AT&T is painting itself as the hapless victim. After all, AT&T just wanted to make your experience better by pre-populating your e-mail address on that nasty old log-in form. Aren’t we great? No matter how much AT&T tries to portray itself otherwise, this is just another embarrassing incident in a long line of them. It is amazing at this point that a company like Apple continues to put up with this act from their telecom partner. It is hard to believe that Steve Jobs is so loyal to them that he’s willing to sheath his somewhat legendary temper for them. Perhaps some day we’ll point back to this incident as the beginning of the end of AT&T exclusivity. Until then, American iPhone users are stuck at the mercy of a telecommunications company more interesting in looking like a victim to save face than one willing to take responsibility for the actions.

What do you think about AT&T’s response? Did their apology take sufficient responsibility for the data breach? Is this the end of AT&T exclusivity? Leave us your thoughts below.

Poll Question

Cast your vote.

Advertisement