Gawker Media said Friday on its Valleywag blog that it has been contacted by the Federal Bureau of Investigation and was told to hold on to relevant documents related to a possible security breach of AT&T Inc.'s website that exposed the email addresses of some owners of Apple Inc. iPad devices.
"We can confirm that Gawker Media was contacted by the FBI earlier today and issued a formal preservation notice," Valleywag said in its post.
Gawker Media publicized the incident Wednesday after being contacted by a small group of computer experts calling itself Goatse Security. The group said it discovered the flaw, explaining that it was able to find the email addresses by guessing numbers that identify iPads connected to AT&T's mobile network. The group said it uncovered 114,000 email addresses, including those of prominent officials in companies, politics and the military.
Escher Auernheimer, a member of the group, said the group hasn't heard from law enforcement and that it didn't do anything illegal.
Thursday, FBI spokeswoman Katherine Schweit confirmed an investigation into the incident had been opened. But she wouldn't comment on what the bureau is looking at. "It's very early in the investigation," she added.
The incident this week was embarrassing to both AT&T and Apple. AT&T declined to comment on the investigation.
Wednesday, the wireless carrier acknowledged that a flaw in its website made it possible for iPad users' email addresses to be revealed. AT&T said it fixed the security problem by Tuesday.
Apple hasn't replied to requests for comment.
Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, said the Computer Fraud and Abuse Act generally prohibits unauthorized access to computers. The question is whether typing information into a public website is unauthorized, she said.
Also, prosecutors will consider what people do with the data they obtain before deciding whether to bring charges.
"If you do something fraudulent with the data, then its much more likely that they will charge you," Granick said.
The incident is the latest complication in an already fraught relationship between Apple and AT&T. The companies teamed up to launch the iPhone and have benefitted enormously from the device. But users' complaints about spotty service and dropped calls on AT&T's network led to tension with Apple, which also selected AT&T as the exclusive iPad carrier in the U.S.
AT&T said it "has been in close contact with Apple" over the incident. The carrier is still in the process of determining how many email addresses were revealed and is preparing to notify customers who may have been compromised.
"We are making sure the list is in order," an AT&T spokesman said.
