One of two hackers charged in a 2010 breach of the AT&T website that gave the pair more than 100,000 Apple iPad owners’ email addresses has had his conviction overturned thanks to a technicality.
Andrew Auernheimer, known online as weev, saw his verdict overturned because he was charged and prosecuted in New Jersey, where none of the offenses occurred. The AT&T servers he was accused of accessing were in Texas and Georgia, and the actual hacking was done from California and Arkansas, according to PC World.
Auernheimer and Daniel Spitler discovered a security issue on the AT&T website that allowed them to obtain the email addresses of 114,000 Apple iPad owners by submitting random SIM card serial numbers through a program they built.
The two were caught after contacting media organizations to make the security issue public. Spitler pleaded guilty and received probation while Aurenheimer tried to fight the charges and was sentenced to 41 months in prison, which he began serving in March 2013.
Auernheimer’s defense argued that in addition to the improper trial location, accessing a publicly available website doesn’t constitute unauthorized access to a computer system under the CFAA. The appeals court didn’t consider that additional argument.