Two members of the group Goatse Security hacked into AT&T’s customer database and gathered the E-mail addresses using a brute force attacked through a security hole. Goatse Security notified AT&T of the breach after harvesting the data.
“The pair used the fact that iPad 3G’s SIM has an ICC-ID, a 19-digit code that AT&T associated with a user’s account and email address. AT&T used the ICC-ID to pre-populate a field containing the owner’s email address when the user needed to login and check account status. By attempting ICC-IDs until they got a “hit,” the pair was able to gather the email addresses.”
These individuals were each charged with one count of fraud and one count of conspiracy to access a computer without authorization.