U.S. prosecutors have charged two people with stealing e-mail addresses and other personal data from around 120,000 iPad 3G users. The alleged hack occurred last June and targeted a security weakness in AT&T’s servers.
Daniel Spitler and Andrew Auernheimer (pictured) have each been charged with one count of fraud and one count of conspiracy to access a computer without authorization. Both of the accused were associated with the hacker group-cum-trolling community Goatse Security. Goatse Security delivered the stolen e-mails to the website Gawker, which published details about the breach, along with redacted e-mail addresses.
The stolen information came from tens of thousands of everyday iPad users. But also information from some big names includes former-White House Chief of Staff Rahm Emmanuel, New York City Mayor Michael Bloomberg, and ABC News anchor Diane Sawyer.
The duo accomplished the hack by taking advantage of a loophole in AT&T’s servers that would return e-mail addresses associated with ID numbers that link the iPad’s 3G SIM cards to individual subscribers. Goatse published details of the hack after AT&T had closed its security loophole.
In blog postings on Goatse’s website, the group has claimed that the hacking was carried out to publicly demonstrate a flaw in AT&T’s security. “AT&T needs to be held accountable for their insecure infrastructure as a public utility and we must defend the rights of consumers over the rights of shareholders,” Auernheimer wrote in an open letter addressed to U.S. attorney Lee Vartan.
The Department of Justice doesn’t quite buy the “hacking for the public good” story. Spitler is expected to appear in a Newark, New Jersey federal court on Tuesday. And Auernheimer is expected to appear in a federal court in Fayetteville, Arkansas.
- Update your Apple devices now to fix these dangerous exploits
- Best Apple Deals: MacBooks, AirPods, iPads, iMacs, AirTags and more
- I hope Apple brings this Vision Pro feature to the iPhone
- Apple’s next MacBooks and iPads could be in serious trouble
- No, 1Password wasn’t hacked – here’s what really happened