iPhone 4 Pre-Order System Exposes Customer Data


The big talk over the past weekend was about this, the AT&T system for recording pre-sales records for the new Apple iPad exposed account information. I didn’t think it was a big deal until they did something similar again today with the iPhone 4…the second time in one week – that must be some kind of record?

It seems that people logging in where often greeted by someone else’s details, most likely the system got overloaded and that led to some funky linking of unsychronised database servers. Despite all the problems however AT&T sold out on launch-day! The busiest day in AT&T history so they claim.

Preordering for Apple’s iPhone 4 got off to a rocky start on Tuesday, with long lines, system outages, and an AT&T server that exposed sensitive account information for existing users of the must-have mobile device.

For the second time in less than a week, Gizmodo reported, AT&T was caught exposing private information belonging to Apple customers. The breach came when existing iPhone owners placed advanced orders for the newest iPhone, which is scheduled to go on sale on June 24. After entering their account credentials, certain customers were logged in to accounts belonging to other users, potentially exposing the names, addresses, and phone logs of an unknown number of people, the website said.

The privacy snafu follows a report last week that email addresses for more than 114,000 early adopters of Apple’s iPad were exposed by an overly generous application on AT&T’s website. As a result, email addresses for some of the rich and powerful — including New York Times Co. CEO Janet Robinson, ABC Newswoman Diane Sawyer, film mogul Harvey Weinstein, and New York Mayor Michael Bloomberg — were shared with world+dog.

This story was published today by Gizmodo who has been sharing e-mails their readers have sent in showing the wrong data after logging in.

By the looks of things it’s not slowing down orders or stopping anyone from putting their details in the system, so I hope AT&T does something to rectify it soon.

AT&T representatives didn’t respond to an email seeking comment. Gizmodo shared emails sent by five readers who all recounted the same error.

“I logged in to Att.com in the pre-order frenzy,” a reader named Ethan wrote in one. “I was immediately greeted by someone elses personal information.” Gizmodo included multiple screen shots the publication said belonged to people other than the person who logged in.

Tuesday’s breach came as numerous people reported being unable to complete iPhone 4 preorders. Many who tried to order online received a message reading “There was an error processing your request. Please try again later.” Many customers who tried to order in person were greeted by long lines.

Despite the difficulty, AT&T sold out of launch-day preorders several hours later, with AT&T telling Engadget it “was the busiest online sales day in AT&T history.”

The paranoid amongst us may indeed think there is some mass scale fraud going on and perhaps someone has compromised the AT&T customer records system and is billing other people for iPhones they are taking delivery of.

Well if that’s happening I’m sure the news will come out soon enough unless AT&T manages to sweep it under the carpet.

Either way, if you’re an AT&T customer..I’d be careful if I were you.

Source: The Register

Posted in: Apple, Exploits/Vulnerabilities, Privacy

, , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


One Response to iPhone 4 Pre-Order System Exposes Customer Data

  1. CBRP1R8 June 16, 2010 at 10:24 pm #

    This is quoted exerts out of another news story I found since you mentioned the ATT hacker guy, here’s what happened to him this week. LOLOL

    Ipad “hacker” arrested on drugs charges
    The dangers of angering Apple and AT&T

    The man who made the grave mistake of proving that the AT&T and Apple alliance had exposed user’s personal data to the world has been mysteriously arrested on drugs charges.

    FBI people gained a warrant to search the house of Andrew Auernheimer, 24, who alerted the world to the iPad flaw.

    the Feds searching his home found drugs and arrested him. He now faces four felony charges of possession of a controlled substance and one misdemeanour possession charge, Foster said. The drugs included cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals.

    At the time we thought that AT&T would be protecting customers from having their personal data being used. Now it seems that it meant it would be reporting the case to the FBI. No one knows this of course, the FBI might have decided to do a search for drugs at Auernheimer’s place and the fact that he angered two big IT companies a week before might have just been a coincidence.

    Yeah coincidence my @$$!