Take the recent reports about AT&T’s leak of over 100,000 personal email addresses from iPad owners using the wireless operator’s network. This was done by running a script on a public AT&T website by an underground security group named Goatse Security. Worse, they released these email addresses to the public.
AT&T has had security problems with Apple’s products before, most notably when the first iPhone was released. Shockingly, those using AT&T’s network were receiving bills that could amount to hundreds of pages long, detailing all of their data or web activity; highlighting that the operator was paying close attention to users’ 3G activities.
This new development brings a great question to the forefront – who is responsible for leaks of personal data in this example? Apple or AT&T? While Apple has a duty to keep user information private, the reality is that if you don’t have an iPad connected to AT&T’s 3G service, you simply won’t have this problem. It’s likely that while both companies will receive backlash because of this story, it’s really AT&T’s problem.
Apple needs to exert its influence on AT&T, however. It’s widely believed that Cupertino has spurred other wireless networks in favor of its exclusive deal with AT&T, to the tune of five years. With that being said, there are clear security issues with AT&T and its servers. In this instance it doesn’t appear to be the wireless network itself, but a flaw in the way that AT&T stores user information.
The fact that AT&T kept user information that is not encrypted is a concern. This data is not for public consumption and should be stored with respect to privacy. In the coming days, it’s likely that AT&T will announce they will better obscure user data, and rightly so. Even if their servers are vulnerable, and at this point we know to some degree that they are, encrypting the database that stores user information would be a good step in making sure that outsiders don’t have the ability to swipe data that has any value.
The bottom line is that AT&T may not necessarily have problems with its wireless network, but its internal company servers clearly are not protecting data in case of any sort of loss. Here’s hoping that AT&T learns something from this latest security breach, before it happens again.
Guest Post: Daniel Cawrey is a technology blogger who writes on a variety of IT topics including Google Chrome and network management software.