Lessons from the AT&T/iPad user email address leak


The leak of more than 100,000 iPad (NASDAQ: AAPL) users' email addresses and device IDs--including those of White House Chief of Staff Rahm Emanuel, New York Mayor Michael Bloomberg, military personnel and corporate officials--from an AT&T (NYSE: T) website last week redoubles the debate about the use of consumer gadgets for work purposes. While the FBI investigates the security breach, the hackers maintain that they committed no crime.

The hackers, part of a group called Goatse Security, say their purpose in breaching the site and sending the email addresses to the blogging site Gawker.com was solely to expose the risks that iPad users face. "This was done in service of the American public," the group's admin wrote in a blog post Friday. "Your iPads are safer now because of us."

The hackers say that they collected the email addresses and other data from a public web server that anyone on the Internet could access. "There was no breach, intrusion or penetration, by any means of the word," the group's admin wrote. What's more, they say they did not disclose the information to Gawker until after they had notified AT&T of the flaw that allowed the breach, and AT&T repaired it. Gawker redacted the data before publishing it so that no individual's information was compromised.

"This is as 'nice guy' as it gets," the hackers' admin wrote. "We had no interest in direct dialogue with AT&T, but we waited nicely for them to get their house in order and get their hole plugged tight before exposing it."

Nice guys or not, the hackers exposed yet more security vulnerabilities for enterprise IT chiefs to worry about. Paul Roberts, enterprise security analyst with the 451 Group, says there are two overarching lessons for organizations that are grappling with employee use of mobile devices and hosted applications.

First, it is vital to be able to track and manage the devices and applications operating in your enterprise environment, Roberts writes in a post at InfoWorld. "Consumer-led adoption of next-generation devices like the iPad outstrips the ability of IT organizations to properly manage and secure them," he writes, adding that vendors have not been quick to provide support for mobile devices.

Second, it is important to spend the resources needed for application testing and security. The latest AT&T vulnerability suggests that "carriers are still playing fast and loose with their public-facing applications," Roberts writes: "Plenty of security Cassandras have been talking about this problem for a long time. Their pleas have gotten more urgent as agile development methods and the gold rush on SaaS and hosted applications have driven coding standards even lower."

For more:
- see Paul Roberts' post at InfoWorld
- see Goatse Security blog post
- see Original Gawker post about the breach
