A 27 year old man, named Andrew Auernheimer, known online as “Weev” has been convicted on Tuesday ( 11/20/2012) for accessing AT&T server by impersonating as iPad to steal 114,000 email addresses which includes emails of some of the celebrities.He faces 10 year of imprisonment.
The data breach was originally from the first 3G enabled iPad launched in April, 2010. Andrew Auernheimer and Daniel Spitler, aka “JacksonBrowne” discovered a flaw that prefilled in a user’s email address when the site was loaded from the iPad , from AT&T’s server. The iPad encoded with a unique cellular ID number (ICC ID) that appeared in the URL when accessing the AT&T website. Andrew and Daniel said to be part of a group called Goatse Security, who discovered if someone altered the ICC ID numbers in the URL, other email addresses were generated on the AT&T site. Daniel wrote a script that automatically guessed the different ICC ID and harvested the 114,000 email addresses.
It’s still unknown if the flaw has been fixed yet by the authorities.