Who’s dishonest, the hackers or AT&T?

It seems the Gawker group is becoming the receptacle for ill-gotten goods on Apple products. First was the iPhone4 prototype and it’s strange journey from a beer garden bar stool to a Gizmodo editor’s home office.

More recently, a hacker group turned over 114,000 iPad owner email addresses to Gizmodo sister publication Valleywag. What we have heard from AT&T is that “malicious” hackers went to great lengths to scrape the AT&T web site to gather this data.

However, a spokesperson for Goatse Security, the group that did the hacking, told Computerworld today there was neither malice nor scraping. The group had warned about a security breach as early as March 28. Apple responded by patching it on Safari for the desktop but AT&T did nothing.

So Goatse went into AT&T’s site, using an automated script, or “bot,” and an AT&T website feature designed to speed up log in. It seems the group acted to illustrate that AT&T was ignoring the breech they had pointed out more than two months ago.

We can argue about the ethics of Goatse. But to me that is not the point. The point is AT&T’s lack of ethics. They did nothing on first alert. Then when they got hacked they screeched about the evil Goatse rather than user vulnerability.

Yes, they actually remembered to apologize to customers. But at no point have they done or said anything that shows in the future the carrier will go through major efforts to ensure their system is secure. At no point, do they mention that next time they will take less than 75 days to respond to a security breach.

Because next time, the hacker may decide to deliver user data to an organization that makes Gawker publications look like a humanitarian organization.