View Full Version : Should hackers have disclosed AT&T-iPad website flaw?

06-15-2010, 10:36 AM
Last week AT&T made the news headlines after hackers discovered a security flaw in their website and obtaining e-mail address information on more than 114 000 iPad users. eMail addresses included that of normal users to high-placed government officials. The information subsequently handed to an online media service, Gawker, which broke the news.

It is a fact that all users’ whose information is now in the hands of hackers and several media groups may be at risk, not only due to privacy infringements, but also opened to attacks via email. Another risk faced by victims is that fact that their whereabouts can be traced with the serial number of the device, which is allegedly part of the information obtained from the AT&T’s website flaw.

The hackers, known as Goatse Security, waited for AT&T to fix the flaw before going public with the information. This has subsequently led to investigations instituted by the FBI.
According to Goatse, they acted in public interest by revealing the security breach.

The question remains, was this necessary to go public with the information?

From our perspective it is clear that the main purpose of Goatse Security was to cause an embarrassment to AT&T and perhaps also establish some publicity for their activities. If they did indeed act in public interest, the best route would have been to take the matter up with AT&T in private.

We welcome your comments on the matter.