The FBI is investigating after what has been described as a "huge" data security breach of the new Apple iPad.
Email addresses of 114,000 early adopters of the much-publicised 3G tablet device, including high profile figures from business, politics and the military, were exposed by the breach in an AT&T network on Monday.
A statement from AT&T said: "The issue was escalated to the highest levels of the company and was corrected by Tuesday. We have essentially turned off the feature that provided the email addresses. We are continuing to investigate and will inform all customers whose email addresses may have been obtained."
No details emerged publicly about the incident until the company that obtained the email addresses, US firm Goatse Security, told a US technology website about it yesterday.
iPad Data Breach
According to industry website Gawker, the Goatse engineers found an application on the AT&T network that allowed them to obtain the email addresses of iPad users when the system was sent written queries. By running a PHP script based on the publicly-available ID numbers of iPads, engineers were able to obtain the email addresses associated with the ID numbers they had queried.
It turned out that the 114,067 ID numbers they obtained included email addresses for many high-profile individuals in the US. As well as Mayor Bloomberg, contact details were obtained for White House chief of staff Rahm Emanuel, staff officers in the Department for Homeland Security, NASA, the Senate, the House of Representatives and executives in Apple, Google, Microsoft, Amazon, HBO, Time Warner, Dow Jones and Viacom.
An FBI spokesman said they have opened an investigation "to address this potential cyber threat". The FBI also said it is investigating whether Goatse’s actions constitute a crime. However, Goatse defended its actions by saying that it made sure the vulnerability was fixed before announcing it publicly via Gawker and that all the private user information gathered by them was destroyed.
iPad Data Security
The Gawker article that reported the breach suggested the incident shows there could be wider vulnerabilities with iPad data security. However, experts believe that this is not the case.
For example Graham Cluley, a senior security consultant at Sophos, told the Daily Telegraph: "iPad users in the UK and elsewhere should not be unduly concerned by these reports. The vulnerability appears to lie in AT&T’s networks…spammers could, in theory, use these email addresses to target iPad users with specific junk email, selling cases or accessories for this device, but there’s no evidence that any malicious third parties have accessed this data."