A reader from The Unofficial Apple Weblog (TUAW) has discovered what could be potentially a significant privacy breach in Apple's MobileMe resgistration renewal process.
According to the reader, Apple is inadvertently displaying MobileMe subscribers' data like contact names, notes, phone numbers, dates of birth, etc, to other users in what TUAW calls "very specific conditions".
The potential breach was discovered when the reader, based in the UK, renewed his MobileMe account. In the time between when he renewed the account and MobileMe actually applied the renewal, each time the user logged off and back on to the service, he was shown a list of contacts and their information - the concern being that none of them were his.
"Each time I logged off and on I got a different address book. All the other options were disabled (because my renewal was being processed) but clicking the Contacts icon showed me an address book", the reader wrote. The problem being it just wasn't his address book...it was several different address books over several logins.
The user reportedly investigated the information and found it legitimate, but not before first taking screenshots of each address book he encountered. The privacy breach closed once the MobileMe registration was processed at Apple's end.
Being concerned for his own data, he contacted Apple via both web-chat and email and received an automated email response and no further reply as yet, and web-chat staff reporting that they have not heard other users experiencing the issue.
TUAW has contacted Apple about the report.
10 Comments - Add comment