CHARLOTTE, NC (WBTV) - For wireless users with AT&T, which means iPhone and iPad users, it's been a tough month.
The Ipad, a marketing sensation, has flown off the shelves. Pre-orders for the new Iphone are also beyond expectations. However, some Ipad customers and customers pre-ordering iPhones had their email addresses exposed for hours due to a design flaw.
HIGH PROFILE VICTIMS
If you are Diane Sawyer, White House Chief of Staff Rahm Emanuel or New York Mayor Michael Bloomberg you already know that your email addresses were on a hacker's list after taking advantage of an AT&T design flaw.
HOW CONSUMERS ARE FEELING
In a recent Wall Street Journal poll, over 44% of people said they are concerned about security flaws on their phones or devices like the Ipad and they have good reason to be. In less than 1 month, people have potentially been hit with a double whammy! First, email addresses for some iPad exposed and then it happened again with people placing early orders for the new iPhone.
THE IPAD AND IPHONE HACK:
Two separate issues at AT&T have exposed email addresses. I hate to say this but they are not the only one with this problem. It has happened at other sites, including Facebook earlier this year!
iPhone – Customer enters username and password on the AT&T site to order a new phone and AT&T sometimes displayed an account belonging to someone else!
iPad – Hackers showed how they could guess an iPad's unique Id, type it into the AT&T website and the screen would prefill with the matching email address!
ARE YOU AT RISK?
The good news is that no credit card information or passwords were exposed.
However, potentially anyone that has an iPad that was activated on the AT&T 3G network or anyone with an account at AT&T might have had their email address displayed to strangers.
WHY WAS IT DESIGNED THIS WAY?
This is the struggle for balance – people want quick access and don't realize that the tradeoff is security. AT&T's Chief Security Officer said that, for the iPad, they were trying to make it easy for customers on the go to access their accounts by popping in the email address for them. We have not seen an explanation for the iPhone order process showing the wrong account information.
TWO STEPS YOU CAN TAKE TO PROTECT YOURSELF:
- PASSWORDS: As far as we know, no email passwords were exposed. To minimize your risks, change your password to a strong password on your email account immediately. See our WBTV.com for more details on creating a strong password.
- BE ALERT: If cybercreeps collected this information, they may try to trick you into clicking on bad links by sending you sophisticated emails.
ADDITIONAL INFORMATION AND RESOURCES:
HOW THE IPAD HACK WORKED:
- When you buy your iPad, you have to provide an email address to register it on the AT&T site. Your iPad has a unique ID number.
- The hackers found that you could go to AT&T, type in an ID number and then it would provide the owner's email address.
- They created a computer program to test combinations of iPad ID numbers and collect email addresses when they got a match.
- Using this relatively straightforward hack, they were able to collect over 114,000 email addresses.
- They reported the hack and how it worked. AT&T has since updated their website to prevent future issues.
- FBI is investigating.
HOW TO CREATE STRONG PASSWORDS:
- Create a phrase: I love to watch Panthers' football.
- Choose 1st letter of each word and alternate caps/lowercase (example: IltwPf)
- Add special characters (note: some sites cannot handle special characters) and numbers
LATEST NEWS TO TRACK THE IPAD AND IPHONE HACKS:
Devices & Internet News: There are lots of sites you can follow.
Three examples of sites following the most recent issues are: