Kevin Mahaffey says that there was more personal information at risk in the recent iPad/AT&T breach than originally revealed:
The iPad security breach last week potentially exposed the emails of 114,000 AT&T customers, but that is not the only information that could have been discovered by clever hackers. iPad owners will be surprised to know that the data breach revealed far more personal and sensitive information than is generally known. Reports initially said only email addresses and ”ICC-ID numbers,” a seemingly unimportant identifier, were leaked. But those ICC-ID numbers reveal a lot about users, their identity and their location.
In fact, just a little fifth-grade math will allow you to turn the seemingly innocuous ICC-ID number into the more sensitive and generally protected “IMSI”—International Mobile Subscriber Identity. (You basically rearrange some digits). This number is unique to each SIM card and can be used to determine:
- a person’s approximate location—you could track them to see where they are in real-time
- a person’s associated phone number
- and, in some cases, a person’s physical address.
Read more on TechCrunch.