AT&T’s website leaks data of some 100,000 iPad owners

Two suspects have been charged with federal crimes for allegedly hacking AT&T’s website last year to obtain the personal data of more than 100,000 iPad owners.

Last summer the two allegedly contacted Gawker to report that a hole in AT&T’s website allowed anyone to access data on iPad owners, including government and military officials, corporate CEOs and media executives who purchased iPads.
The personal data included e-mail addresses and ICC-IDs – a unique identifier that’s used to authenticate the SIM card in a customer’s iPad to AT&T’s network.
The leak snagged the details of dozens of elite iPad early adopters such as New York Mayor Michael Bloomberg, anchorwoman Diane Sawyer of ABC News, New York Times CEO Janet Robinson and Col. William Eldredge, commander of the 28th Operations Group at Ellsworth Air Force Base in South Dakota.
Gawker reported at the time that the website vulnerability, which AT&T fixed, was discovered by a group calling itself Goatse Security, which authorities say included Spitler and Auernheimer.
The two allegedly wrote a script to harvest the data from AT&T’s website and apparently shared their script with others before AT&T patched the vulnerability.
AT&T maintained that the two did not contact it about the vulnerability, which legitimate security researchers often do prior to publicly disclosing a vulnerability. Instead, AT&T learned of the problem from a “business customer.”


The Justice Department complaint reveals some details and can be downloaded here:
