US hacker jailed for 3.5 years over AT&T breach

US hacker Andrew Auernheimer has been imprisoned for obtaining the email addresses of iPad users from AT&T's website

US hacker Andrew Auernheimer has been sentenced to three-and-a-half years in prison for obtaining the email addresses of iPad users from AT&T's website.

Those affected by the breach in June 2010 included US military personnel, members of the Senate and the House of Representatives, and employees of Nasa and the Department of Homeland Security.

The 27-year-old Auernheimer was also ordered to pay $73,000 in damages to AT&T and to serve three years' supervised probation after his release, according to the Guardian.

In November 2012, he was found guilty of identity fraud and conspiracy to access a computer without authorisation.

Auernheimer was associated with Goatse Security, described as "a loose association" of hackers in the original complaint filed in federal court in Newark, New Jersey.

Goatse claimed to have obtained the iPad user data through a script on AT&T's website, which it said was accessible to anyone on the internet.

Auernheimer gave the stolen data to a Gawker journalist in what he said was an effort to expose AT&T’s security flaws.

At the time, iPad carrier AT&T acknowledged the leak, but said the risk was limited to the subscribers' e-mail addresses, and that the vulnerability had been dealt with.

Read more on Hackers and cybercrime prevention