AT&T reportedly bungles handling of private data, again

When some users log in to their AT&T accounts to pre-order the iPhone 4 they are being given access to the account info of other people

This hasn't been AT&T's month. First, security researchers found a loophole in the company's Website that could be used to reveal email addresses for tens of thousands of Apple iPad customers. Now, some users are reporting that when they log in to their AT&T accounts to pre-order the iPhone 4 they are apparently given access to the account information of other people.

"This is how it happens: A customer tries to log into their AT&T account to order a new iPhone 4 upgrade. Despite entering their username and password, the AT&T system would take them to another user account," reported gadget blog Gizmodo, which broke the news.

[ iPhone 4 pre-orders were responsible for bringing down Apple's online store. | Get insight on the latest tech business trends with InfoWorld's Tech's Bottom Line blog. ]

Some users said when they refreshed the Web page with the wrong account information, the site returned the correct account information.

In a statement sent to Gizmodo, AT&T said it couldn't replicate the problem but noted that reports of the problem indicated some data, such as Social Security numbers and credit card numbers was not disclosed.

An AT&T spokesman did not respond to an email request for comment about the report, which came amidst complaints that AT&T's servers weren't prepared to handle a surge in pre-orders for the iPhone 4.

On Monday, AT&T apologized for a leak that disclosed email addresses for more than 100,000 iPad customers, blaming hackers. The email addresses were disclosed after a group called Goatse Security discovered that entering a serial number for an iPad SIM card into an application on AT&T's Website would reveal the owner's email address. They wrote an application that would randomly generate serial numbers and submit them to the Website, collecting the email addresses returned by the site.

Goatse security sent the email addresses collected from AT&T to Gawker, which first reported the privacy breach.

Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform