AT&T Inc., reaching out to iPad users Sunday to explain why their e-mail addresses were released last week, blamed the incident on "computer hackers" who "maliciously exploited" an attempt by the carrier to speed the process of logging in to its website.
The comments were the harshest yet by the carrier, which apologized for the security lapse and said it would cooperate with any efforts to investigate or prosecute the breach.
"AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers' information or company websites," the company said.
A group of computer experts calling itself Goatse Security uncovered the flaw and then turned the results over to Gawker Media LLC to be made public last week. Escher Auernheimer, a member of the group, said in a blog post overnight that it acted to protect users and chided AT&T for taking several days to inform customers after becoming aware of the security breach.
"If not for our firm talking about the exploit to third parties who subsequently notified them, they would have never fixed it," Mr. Auernheimer said. "We know what we did was right."
AT&T sent the comments in an e-mail to the roughly 114,000 users of the iPad 3G it determined were affected by the incident. The carrier said only users' e-mail addresses and numbers that identify their devices to AT&T's network were exposed, and that no other personal or account information was at risk.
For more, read the Wall Street Journal.