This is just surreal. In the summer of 2010 AT&T messed up royally, leaving a script on their public site that allowed someone to access, in what by all accounts seems to be a legal manner, at least 114,000 email addresses of iPad customers.
And Goatse Security, a gray hat group dedicated to finding and publishing security flaws, found AT&T’s security flaw and published the list. Which included: “New York Times Co. CEO Janet Robinson, Diane Sawyer of ABC News, film mogul Harvey Weinstein, New York City Mayor Michael Bloomberg, and even White House Chief of Staff Rahm Emanuel. A number of CEOs, CFOs, and CTOs also had their email addresses exposed by the leak.” (article and the original article at Gawker that publicised the breach)
Additionally, a number of the email addresses exposed were from high-ranking military officials or DARPA researchers. Among these was William Eldredge, who “commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force.”
Well, I’m sure for many the response will be- “well, they should have contacted AT&T”. Well… This is something I have a wee bit of experience with. While some companies, to their credit, respond well to this- some, increasingly, even offer “bounties” for revealing flaws- most, shall we say, do not. I have the personal experience of being part of a group that revealed to a company (one I guarantee everyone reading this has heard of- and no, not WordPress) a major breach of their customer database. Which they insisted was impossible (despite the evidence). So eventually we went to the authorities (not in the US- but where we had high-ranking contacts). And so the company went into CYA mode. Flew a team there. Press releases denying the breach. Throwing lawyers and money around and ruining the careers of several high-ranking police. Demanding subpoenas to get the names/identities of everyone in our group. Yes, the classic “no good deed goes unpunished”.
And now- two of the security researchers who exposed AT&T have been found guilty of both counts they were charged with – and face 5 years per count.
No good deed goes unpunished indeed. Corporate America does not like to be called out on its mistakes.
Most recent article here