Daniel Spitler, an alleged member of the Goatse Security hacking group, has pleaded guilty to breaking into AT&T’s systems and obtaining the email addresses of iPad users.
The story of how a vulnerability on AT&T’s website allowed outsiders to scoop up the email addresses of early adopters of the Apple iPad made huge news headlines this time last year.
Goatse (don’t Google it, trust me..) bombarded the AT&T website service with thousands of requests using made-up ICC-ID codes (an internal code used to associate a SIM card with a particular subscriber).
By flooding the website with so many made-up ICC-IDC codes, some were bound to relect a genuine one, and when this happened the website believed them to be a genuine iPad user and revealed the associated email address.
In total, about 120,000 iPad users were said to have had their email addresses exposed. The…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.