From the Security Experts

June 16, 2010

AT&T Apologizes for Another Privacy Gaffe, Suspends iPhone Pre-ordering

By Senior Web Editor, SIP Trunking Report

AT&T sure has been getting beaten up in the headlines lately. According to published reports, customers placing pre-orders for Apple’s new iPhone this week were accidentally allowed access to each others' accounts.

Numerous customers reportedly contacted tech website Gizmodo on Tuesday saying that while they were placing their pre-orders, they suddenly found themselves logged into another user's account, with full access to all of that user's information.
This is the second major privacy blunder for AT&T in the past two weeks. Last week the company admitted that hackers had accessed the email addresses of iPad 3G subscribers. An AT&T spokesperson later explained that hackers had “maliciously exploited” a function in its system to gain access to serial numbers of AT&T SIM cards for the iPad 3G and their corresponding e-mail addresses.
According to published reports these so-called “hackers” were actually engineers with Goatse Security, which claims its actions were done as a public service and which is objecting to AT&T’s apology to customers. Goatse claims it was actually AT&T’s fault that the breach occurred.
In this latest incident, it remains unclear what data users had access to.
In a statement, AT&T officials said they had “received reports of customers inadvertently seeing the wrong account information during the iPhone 4 purchasing process” but were “unable to replicate the issue.” Regardless, AT&T officials claim the information displayed “did not include call-detail records, social security numbers, or credit card information.”

There have also been reports of iPhone 4 orders being charged and sent to the wrong people.
In related news, AT&T announced today that it is suspending taking pre-orders for the iPhone 4, not because of the security breach issue but because the supply cannot keep up with the demand.
“iPhone 4 pre-order sales yesterday were 10-times higher than the first day of pre-ordering for the iPhone 3G S last year,” the company said in a statement. “Given this unprecedented demand and our current expectations for our iPhone 4 inventory levels when the device is available June 24, we're suspending pre-ordering today in order to fulfill the orders we've already received.”
Yesterday TMCnet’s Ed Silverstein reported that Apple and AT&T were so overwhelmed by the sheer volume of preorders for the newest version of the iPhone that “potential customers were unable to get through to busy call centers, computers timed out, and servers even melted down forcing orders to be written by hand with pen and paper.”
Tuesday marked the first day that Apple Inc. and AT&T Inc., began taking preorders for the fourth version of the iPhone, which is scheduled to go on sale on June 24.

Patrick Barnard is a senior Web editor for TMCnet, covering call and contact center technologies. He also compiles and regularly contributes to TMCnet e-Newsletters in the areas of robotics, IT, M2M, OCS and customer interaction solutions. To read more of Patrick's articles, please visit his columnist page.

Edited by Patrick Barnard