iPhone 4 order system exposes private information

As if it weren't disaster enough today that AT&T's order system fell over and then ran out of pre-order stock on the first day, Gizmodo is reporting that AT&T's order system has been giving out other users' information to people who log in to order their new iPhone.

According to Gizmodo, a group of customers experience the problem when they log in using their own username and password. Once they are logged in, the order system takes them to a different user's account, which in turn gives access to all kinds of private information about that user, such as addresses, phone calls and bills, as well as whatever other information AT&T has that can be accessed through the online ordering system.

Gizmodo reports that, according to an AT&T insider, the login issues are linked to an update to the AT&T server software that was performed over the weekend with "no testing" done afterwards. The insider says:

"[...]Over the weekend there was a major fraud update that went down on all of AT&T's systems, from Saturday overnight to Sunday early morning. All systems were down and agents were unable to use any systems.

The issues people are seeing at AT&T stores and online are most likely related to this update that went wrong.

I do know that there was absolutely NO TESTING of this system done before the launch of the new iPhone. I know it's just hearsay at this point, but I can confirm that there was a major outage over the weekend that impacted all ordering systems and programs, and I can confirm that there were multiple systems being upgraded/updated, with some updates being related to fraud.[...]"

The issue occurs whether you log in or not, so there is no guarantee that the details will be safe, but Gizmodo points out that AT&T took down the system this morning after the article was published.

As of writing, many AT&T customers have written to Gizmodo with screenshots showing the issue, but neither AT&T nor Apple has commented yet. The user reports and screenshots are in the Gizmodo article.


16 Comments

Every time I think about changing network to AT&T they come up with a new excuse for me not to. I like the new iPhone but too bad that it has more radiation than my current BlackBerry Storm and what's even worse is that it's AT&T exclusive.

FransB said,
Maybe they are running Macs with Expose (Haha)

Obvious troll is obvious. How about they are running windows 7 with 3d flip? oh wait..it's useless.

satanist said,

Obvious troll is obvious. How about they are running windows 7 with 3d flip? oh wait..it's useless.

Wow, that joke soared over your head it seems...

Haha, I thought this article would just be about something little that "leaked" through some crafty hacking of the URL or something. Ugh. This is pretty bad.

I would guess the source is a simple agent who was selling at the time of the outage and is going on internal hearsay etc. The relevance of the update being fraud is almost guaranteed to be none--fraud updates are done routinely to keep in line with state, government and international regulations.

I'm sure it went out and probably did cause a serious outage but I think it's a reach blaming it on a software update. The only organisations I've heard of who have major issues (and 'no testing') on software releases are newspaper outlets...

Interesting nonetheless. I don't expect that they'll ever be able to really make a system flash tolerant without using some major provider to host their infrastructure that specializes in this distributed stuff.

When one overwhelming product is released be sure to prepare yourself for one big technical issue to follow. It never fails..

"Over the weekend there was a major fraud update that went down on all of AT&T's systems"

I don't think you're supposed to add the fraud element.

GreyWolf said,
"Over the weekend there was a major fraud update that went down on all of AT&T's systems"

I don't think you're supposed to add the fraud element.


hahaha took the words right out of my fingers

Wow. AT&T has literally had three years to prepare for this since they were first overwhelmed with the launch of the first iPhone. You would think they'd at least have things organizationally together.

I can actually forgive their data network, Steve Jobs quoted that they currently carry more data than all of the other US providers combined which doesn't surprise me one bit. Being continually surprised when their systems fail however is pretty bad.

Stetson said,
Wow. AT&T has literally had three years to prepare for this since they were first overwhelmed with the launch of the first iPhone. You would think they'd at least have things organizationally together.

I can actually forgive their data network, Steve Jobs quoted that they currently carry more data than all of the other US providers combined which doesn't surprise me one bit. Being continually surprised when their systems fail however is pretty bad.

Kind of makes you wonder how AT&T can have such terrible IT people developing their systems. It really is not hard to develop a horizontally scaling storefront application.