Soon after the Federal Bureau of Investigation confirmed it has launched an investigation into the security flaw in AT&T's system that allowed more than 100,000 iPad device identification numbers and owner e-mail addresses, AT&T told iPad owners in an e-mail that the company would cooperate with any investigation and would prosecute the offenders to the fullest extent of the law, according to InformationWeek.
In an e-mail, AT&T chief privacy officer Dorothy Attwood told customers the hackers were malicious and "went to great efforts" to obtain the information. She also told them the flaw that allowed the hackers access had been fixed.
In a blog post response to that e-mail, one of "researchers" for Goatse Security, as the group calls itself, said AT&T was not taking the risk of this particular security flaw seriously enough. Computerworld quotes Escher Auernheimer this way:
I'll tell you this, the finder of the AT&T e-mail leak spent just over a single hour of labor total, not counting the time the script ran with no human intervention, to scrape the 114,000 e-mails. If you see this as "great efforts," so be it.
He noted that AT&T should be grateful it had been alerted to the leak and could fix it before anyone else discovered it and used the e-mail addresses to carry out a targeted attack.