By now you've heard that hundreds of thousands of e-mail addresses belonging to owners of Apple iPad devices have been exposed on the Web. You've also heard that AT&T has closed that particular vulnerability. Current owners of the iPad 3G have nothing to worry about as far as that particular leak is concerned.
But that doesn't mean there wasn't damage. Those addresses were exposed for a time. It's a pretty safe bet that somebody, somewhere, got a copy. At the very least, potential spammers will have a fertile source of known good e-mail addresses. But there are other potential problems as well.
By now you've also noticed that the standard login at a wide number of commercial and financial sites is your e-mail address. If the bad guys who got those e-mails started trying to use them to log in to websites, and maybe use what they have to ask for a password reset, there is some damage that they could do, and money they can steal.
Yes, you'd probably be protected if you could show that you didn't actually buy whatever it is that they're trying to order using your information, but as you can probably guess, this is just the first key to identity theft. If you had one of those e-mail addresses, you might want to think about changing your login at sites where you're using it.
But in reality, this is also what educators call a 'teachable moment.' The iPad was an instant success. Millions of them were sold in the first weekend. By now you've had users demanding that they use their new iPads to access your company's e-mail system or the internal network. People may want to use it to create documents or presentations. Let's face it, the fans of the iPad will try to use it for anything it's capable of doing regardless of whether it makes good sense.
And you're on the hot seat to provide them with support. Should you?
The answer in regards to the iPad is the same as it's been for any really new device. That answer is that you should seriously consider waiting a little while. It's not that new equates with bad, it's just that really new devices, whether they're using new phone operating systems, new capabilities or something else that's really new, sometimes take a few days to shake out. So instead of making it your company's e-mail address that's exposed, you can have it be the person's personal account or their gmail address or something else that doesn't expose you.
And sometimes, more is exposed than just e-mail addresses. The U.S. Secret Service once found out that its operational plans were compromised because its new T-Mobile Sidekick devices weren't secure. These things happen, and they happen to any carrier and any device.
Yes, it's nice to have the latest, coolest device. You can impress your friends and coworkers, assuming they care. You can do things you couldn't do with your old device. All of these are fun things.
But a security breach isn't fun. Until you can be certain that enough time has passed that potential security issues have emerged and been fixed, maybe it's better if you don't rush headlong into the coolest device on the planet. Maybe it's better to wait long enough that you can be reasonably sure it's safe for your company.