It is an interesting list of people. White House Chief of Staff Rahm Emanuel's email was listed, as was Diane Sawyer's, Mayor Michael Bloomberg's, and the CEO's and executives of companies like The New York Times, Time Inc. and Dow Jones. More than a few high ranking military personnel were also listed, like Colonel William Eldridge, commander of the largest B-1 bomber squadron currently operational in the US. I hope these guys were using the devices for innocuous things like web browsing and reading ebooks, not using it for communicating or storing sensitive information.
The hack looks pretty straight forward. As Gawker explains it, each iPad has an integrated circuit card identifier, or ICC-ID. When that was fed into a specific URL, AT&T's web server would return the email address associated with the ICC-ID. Once you have once ICC-ID, you just need to write a script to start incrementing the numbers and feed them to the server waiting for the results to spew out like oil from a broken well.
AT&T has since closed the security hole, but the damage has been done. Assuming only email addresses were harvested, the worst case scenario is an increase in spam, spam which can be targeted to people with iPads and likely iPhones, Mac's and other high end tech gear. When you can craft emails so specifically, social engineering more likely to be successful.
That doesn't begin to cover the damage caused to AT&T's already embattled reputation, and it certainly puts a black spot on Apple's reputation, which as far as security goes, has been pretty stellar.
If you only have a WiFi iPad, you needn't worry as AT&T doesn't have your account information. iPhone accounts too appear to be unaffected. However, if you are an iPad 3G user in the US on AT&T's network check your email. There is a good chance you'll see two things. First an apology from AT&T alerting you to the breach. Secondly, you will probably see an increase in spam.
.svg)