More than 114,000 Apple iPad user email addresses were claimed by hackers exploiting a security hole in AT&Ts website, according a report from Valleywag.
While the hackers, an Internet culture group called Goatse Security, only obtained email addresses, some belonged to prominent government officials, including New York Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel.
Since the leak was through AT&T, only iPad 3G owners email addresses were exposed. AT&T claims they have since closed the vulnerability, which involved a script on AT&Ts website.
The group gathered a large number of AT&T assigned associated user ID numbers, working from information on photo sharing sites where the number is often available and from friends devices, filling in the missing numbers in between. When Goatse Security provided the script with an ID number, the associated email address was returned.
According to Goatse Security’s website, the group has also exposed security holes in Safari and Fireox.
AT&T claimed in a response on Gizmodo, Valleywags sister site:
AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
Update: Fox News is reporting the FBI is now investigating “the potential cyber threat” of the breach.