Within days of researchers from Goatse Security finding a flaw in AT&T's website that exposed the e-mail addresses of over 100,000 iPad users, AT&T account information is being leaked.
AT&T customers logging into their accounts to pre-order the Apple iPhone 4 reported that they were given access to the account information of other customers.
Despite entering their own usernames and passwords, the AT&T system would take them to another user's account, according to gadget blog Gizmodo, which broke the news.
Some users said when they refreshed the Web page, the site returned the correct account information.
AT&T said told Gizmodo that it could not replicate the problem but noted that reports of the problem indicated some data, such as social security numbers and credit card numbers, was not disclosed.
The incident comes just days after AT&T apologised for a leak that disclosed e-mail address for more than 100,000 iPad customers, including top business executives, and government and military officials.
But the company blamed the incident on the Goatse Security researchers who uncovered a flaw in AT&T's website.
The e-mail addresses were disclosed after the researchers discovered that entering a serial number for an iPad SIM card into an application on AT&T's Web site would reveal the owner's e-mail address.
They wrote a script that would randomly generate serial numbers and submit them to the website, collecting the e-mail addresses that it returned.
AT&T has said it plans to prosecute Goatse Security, but the group insists it did not break the law and that it acted in the public interest.
The FBI has confirmed that it is investigating the incident to find how private information about iPad users was compromised and whether the actions of the Goatse researchers constitute a crime.
Return to security news headlines
View Security News Archive