16 June 2010 | 7,499 views

iPhone 4 Pre-Order System Exposes Customer Data

Check For Vulnerabilities with Acunetix

The big talk over the past weekend was about this, the AT&T system for recording pre-sales records for the new Apple iPad exposed account information. I didn’t think it was a big deal until they did something similar again today with the iPhone 4…the second time in one week – that must be some kind of record?

It seems that people logging in where often greeted by someone else’s details, most likely the system got overloaded and that led to some funky linking of unsychronised database servers. Despite all the problems however AT&T sold out on launch-day! The busiest day in AT&T history so they claim.

Preordering for Apple’s iPhone 4 got off to a rocky start on Tuesday, with long lines, system outages, and an AT&T server that exposed sensitive account information for existing users of the must-have mobile device.

For the second time in less than a week, Gizmodo reported, AT&T was caught exposing private information belonging to Apple customers. The breach came when existing iPhone owners placed advanced orders for the newest iPhone, which is scheduled to go on sale on June 24. After entering their account credentials, certain customers were logged in to accounts belonging to other users, potentially exposing the names, addresses, and phone logs of an unknown number of people, the website said.

The privacy snafu follows a report last week that email addresses for more than 114,000 early adopters of Apple’s iPad were exposed by an overly generous application on AT&T’s website. As a result, email addresses for some of the rich and powerful — including New York Times Co. CEO Janet Robinson, ABC Newswoman Diane Sawyer, film mogul Harvey Weinstein, and New York Mayor Michael Bloomberg — were shared with world+dog.

This story was published today by Gizmodo who has been sharing e-mails their readers have sent in showing the wrong data after logging in.

By the looks of things it’s not slowing down orders or stopping anyone from putting their details in the system, so I hope AT&T does something to rectify it soon.

AT&T representatives didn’t respond to an email seeking comment. Gizmodo shared emails sent by five readers who all recounted the same error.

“I logged in to Att.com in the pre-order frenzy,” a reader named Ethan wrote in one. “I was immediately greeted by someone elses personal information.” Gizmodo included multiple screen shots the publication said belonged to people other than the person who logged in.

Tuesday’s breach came as numerous people reported being unable to complete iPhone 4 preorders. Many who tried to order online received a message reading “There was an error processing your request. Please try again later.” Many customers who tried to order in person were greeted by long lines.

Despite the difficulty, AT&T sold out of launch-day preorders several hours later, with AT&T telling Engadget it “was the busiest online sales day in AT&T history.”

The paranoid amongst us may indeed think there is some mass scale fraud going on and perhaps someone has compromised the AT&T customer records system and is billing other people for iPhones they are taking delivery of.

Well if that’s happening I’m sure the news will come out soon enough unless AT&T manages to sweep it under the carpet.

Either way, if you’re an AT&T customer..I’d be careful if I were you.

Source: The Register



Recent in Apple:
- Apple Retires Support Leaving 20% Of Macs Vulnerable
- Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

Related Posts:
- Apple iPhone OS 3.0 Released – 46 Security Patches
- Windows Help Vulnerability Exploited In The Wild
- iPhone Security Flaw – Using a PIN Won’t Protect Your Data

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 81,151 views
- Apple Struggling With Security & Malware - 24,064 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,227 views

Advertise on Darknet

One Response to “iPhone 4 Pre-Order System Exposes Customer Data”

  1. CBRP1R8 16 June 2010 at 10:24 pm Permalink

    This is quoted exerts out of another news story I found since you mentioned the ATT hacker guy, here’s what happened to him this week. LOLOL

    Ipad “hacker” arrested on drugs charges
    The dangers of angering Apple and AT&T

    The man who made the grave mistake of proving that the AT&T and Apple alliance had exposed user’s personal data to the world has been mysteriously arrested on drugs charges.

    FBI people gained a warrant to search the house of Andrew Auernheimer, 24, who alerted the world to the iPad flaw.

    the Feds searching his home found drugs and arrested him. He now faces four felony charges of possession of a controlled substance and one misdemeanour possession charge, Foster said. The drugs included cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals.

    At the time we thought that AT&T would be protecting customers from having their personal data being used. Now it seems that it meant it would be reporting the case to the FBI. No one knows this of course, the FBI might have decided to do a search for drugs at Auernheimer’s place and the fact that he angered two big IT companies a week before might have just been a coincidence.

    Yeah coincidence my @$$!