iPad Incident Gives Apple and AT&T Their Tabloid Moment

Last Updated Jun 10, 2010 4:48 PM EDT

Yesterday's iPad breach looks bad for Apple (APPL) and AT&T (ATT). But what it really highlighted wasn't lax security. Instead it pointed to the flowering of relationships between hackers and new media that can turn relatively small security issues into major corporate embarrassments.

Goatse Security, a hacker collective billing itself as a security consultant, was able to trick AT&T into giving it the email addresses of 140,000 iPad users. Forget the technical details of how they did it; what's important is that these email addresses, on their own, don't amount to much a security risk.

"I don't think the data would have a lot of value in the underground," said Bill Pennington, chief strategy officer at White Hat Security. "I think their primary motivation is shame and guilt."

So Goatse went to the master of shame, Gawker Media, who broke the story with the titillating and misleading title "Apple's Worst Security Breach: 114,000 iPad Owners Exposed." In fact no one had breached Apple security at all -- the fault lay with AT&T. But Gawker, which has been at war with Apple since exposing its iPhone 4 prototype, knew which headline would draw more attention.

Gawker also played up the celebrity angle, enumerating the A-list victims like Diane Sawyer, Harvey Weinstein, Michael Bloomberg and Rahm Emanuel. Again, it's not clear exactly how compromised these emails were. Yes, these people might now be the target of spam or phishing attacks, but the hackers weren't able to gain access to these email accounts or other important personal data.

A similar dynamic played out recently with Facebook. A security consultant found a potential privacy flaw in Facebook's new integration with Yelp and passed it along to Techcrunch, which had been editorializing against this partnership. Techcrunch made big headlines out of the dangers, even though no actual user data had ever been compromised.

It's an unfortunate new reality for tech companies, because all big firms have security holes. Flaws that once would have been considered bugs are now considered news, at least by some. According to Forbes, one of the hackers involved first sent an email about the iPad breech to Reuters (TRI), Washington Post and others, but was ignored. After the story broke last night on Gawker, however, it made the rounds across the entire spectrum of mainstream media.

Image from Flickr user Don Hankin

  • Ben Popper

    Ben Popper writes at the intersection of culture and technology. His work has been published in the NY Times, Washington Post, Fast Company, Rolling Stone, The Atlantic and many others. He lives at www.benpopper.com.